HMRC Launches Strengthened Tax Whistleblower Reward Scheme- A New Era for UK Tax Compliance
The United Kingdom has officially launched its Strengthened Reward Scheme for tax whistleblowers, marking a historic transformation in the country’s approach to combating serious tax avoidance and evasion.
Announced on November 28 by His Majesty’s Revenue and Customs (HMRC), the new program adopts a US-style incentive model that could deliver multi-million-pound rewards to individuals who report high-value tax fraud.
A Fundamental Shift in UK Tax Enforcement
The new scheme represents a dramatic departure from the UK’s previous informer payment system, which has long been criticized for offering minimal, discretionary awards that failed to incentivize reporting of serious tax crimes.
Under the old model governed by the Commissioners for Revenue and Customs Act 2005, HMRC paid out just £978,256 to all informants combined in the 2023/24 fiscal year—a figure dwarfed by the UK’s estimated £46.8 billion tax gap.
The Strengthened Reward Scheme changes everything. It supplements the existing 2005 Act by creating a parallel pathway specifically designed for high-value cases involving large corporations, wealthy individuals, and offshore or tax avoidance schemes.
Key Features of the New Program
According to HMRC’s official guidance released today, the scheme includes several groundbreaking enhancements:
US-Style Percentage-Based Rewards
The most significant change: whistleblowers can now qualify for rewards between 15% and 30% of the tax collected if their information leads to the collection of at least £1.5 million in tax (excluding penalties and interest). This mirrors the highly successful IRS whistleblower program, which has recovered over $7.4 billion in unpaid taxes since 2007.
No Upper Cap
Unlike many reward programs, there is no maximum limit on payments. A tip that leading to the recovery of £100 million could yield a reward of £15 million to £30 million for the whistleblower, creating a genuine incentive for insiders with knowledge of massive fraud schemes to come forward.
Clear Qualification Guidelines
HMRC has published transparent criteria for what constitutes a qualifying disclosure and the factors that determine the final reward percentage, including the quality of information provided and the degree of assistance offered during the investigation.
Enhanced Process
The new system provides clearer pathways for reporting, with HMRC committing to notify whistleblowers when their report is received and to contact them if more information is needed or if they are eligible for a reward.
Who Can Qualify?
To be eligible for a reward under the Strengthened Reward Scheme, several conditions must be met:
You can qualify if:
Your information leads to the collection of at least £1.5 million in tax
The information is original, specific, and not already known to HMRC
You are not the taxpayer involved in the evasion or someone who planned the fraudulent activity
You are not a current or former civil servant who obtained the information through your employment
You cannot qualify if:
You obtained information through government employment
You are acting anonymously (anonymous reports are accepted but cannot receive payment)
You are acting on behalf of someone else
The information could have been identified through HMRC’s routine processes
You are required by law to disclose or not disclose the information
Why This Matters
The UK’s tax gap—the difference between tax owed and tax collected—stood at £46.8 billion for the 2023/24 fiscal year, representing approximately 5.3% of total tax liabilities. Much of this gap stems from sophisticated schemes by large corporations and wealthy individuals that are extremely difficult for authorities to detect without inside information.
Research has consistently demonstrated that financial incentives dramatically increase whistleblower reporting. A landmark 2010 study found that in US industries with substantial monetary rewards for whistleblowers, employees exposed 41% of fraudulent activity, compared to just 14% in those without such incentives — a stark 27-percentage-point difference.
The Royal United Services Institute (RUSI), in its report “The Inside Track,” concluded that financial rewards are empirically proven to drive greater insider reporting, provide actionable intelligence, and deter economic crime.
Important Considerations
While the new scheme represents a major advancement, HMRC emphasizes that rewards remain discretionary and are not guaranteed. This differs from the US model, where qualifying whistleblowers have a statutory right to payment.
Experts advise potential whistleblowers to:
Seek experienced legal counsel before making a disclosure
Consider negotiating a written agreement with HMRC regarding award terms
Understand that tax investigations can take years to complete
Never attempt to gather additional information or let anyone know about the report
Do not make multiple reports on the same activity
How to Report
Individuals with information about serious tax avoidance or evasion can report through HMRC’s official reporting system at www.gov.uk/report-tax-fraud. All information provided will be treated as private and confidential. Reports should include:
Detailed description of the activity (up to 1,200 characters)
How you know about the activity
Your relationship to the individual or business
Duration of the fraudulent activity
Total value or estimation
Description of supporting information available
Looking Ahead
However, the program’s ultimate success will depend on HMRC’s commitment to honoring its reward promises and the government’s willingness to strengthen anti-retaliation protections for whistleblowers who risk their careers to expose wrongdoing.
For individuals considering reporting tax fraud, the message is clear: the UK has fundamentally changed how it values and rewards those who help protect the public treasury.
This article was authored by Joseph Orr
FinReg Monthly Update November 2025
Welcome to the FinReg Monthly Update, a regular bulletin highlighting the latest developments in UK, EU and U.S. financial services regulation.
Key developments in November 2025:
Asset Management / Wealth Management
17 November – Liquidity Management RTS: The European Commission has adopted Delegated Regulations containing regulatory technical standards (RTS) on liquidity management tools under the Alternative Investment Fund Managers Directive (2011/61/EU) (AIFMD) and the UCITS Directive (2009/65/EC).
17 November – Fund Valuation Standards: The International Organization of Securities Commissions (IOSCO) published a consultation report on updated recommendations on valuing collective investment schemes.
17 November – Depositary Supervision Review: ESMA published a report on the outcome of a peer review of the supervision of depositary obligations.
Sustainable Finance / ESG
20 November – SFDR 2.0 Legislative Proposal Launched: On 20 November 2025, the European Commission officially launched their legislative proposal for the updates to the Sustainable Finance Disclosure Regulation (“SFDR”). In a significant departure from the current SFDR disclosure regime, the European Commission proposes a categorisation regime for funds in its place. Please refer to our dedicated article on this topic here.
13 November – CSRD / CSDDD Simplification Mandate: On 13 November 2025, the European Parliament adopted its negotiating mandate on the European Commission’s Omnibus proposal to reduce the scope of the Corporate Sustainability Due Diligence Directive (EU) 2024/1760) and the Corporate Sustainability Reporting Directive ((EU) 2022/2464). Please refer to our dedicated article on this topic here.
13 November – NGFS Climate Scenario Guide: The Network for Greening the Financial System (NGFS) published an updated version of its guide to climate scenario analysis for central banks and supervisors.
11 November – Taxonomy Delegated Acts Review: The European Commission has published calls for evidence (CfEs) on two proposed Delegated Regulations amending the Taxonomy Climate Delegated Act ((EU) 2021/2139) and the Taxonomy Environmental Delegated Act ((EU) 2023/2486). Please refer to our dedicated article on this topic here.
10 November – ESRS ‘Quick Fix’ Regulation: Commission Delegated Regulation (EU) 2025/1416 amending Delegated Regulation (EU) 2023/2772 as regards the postponement of the date of application of the disclosure requirements for certain undertakings (referred to as the Quick Fix Regulation) was published in the Official Journal of the European Union, on 10 November 2025.
7 November – NGFS Climate Scenario Notes: The Network for Greening the Financial System (NGFS) published a series of explanatory notes to clarify and improve the usability of its long-term climate scenarios.
5 November – EBA Environmental Scenario Analysis: The EBA published a final report (EBA/GL/2025/04) on guidelines on environmental scenario analysis under the CRD IV Directive (2013/36/EU).
4 November – Updated SFDR Q&A: The Joint Committee of the European Supervisory Authorities (ESAs) published an updated version of its questions and answers (Q&A) (JC 2023 18) on the SFDR (EU) 2019/2088) and on Commission Delegated Regulation (EU) 2022/1288, which supplements the SFDR with regard to RTS on content and presentation of information (SFDR Delegated Regulation).
Securities / Capital Markets
28 November – Bond and Derivatives SI Regime: The FCA published a policy statement (PS25/17) on removing the systematic internaliser (SI) regime for bonds, derivatives, structured finance products and emission allowances.
27 November – Credit Builders and Data Collection: The FCA has published its regulation round-up for November 2025. Among other things, the FCA outlines its findings from a review of credit builder products, explains how it is standardising the way it collects financial data at the authorisation gateway and summarises its work on improved digital forms.
27 November – UK EMIR Margin Amendments: The PRA and the FCA published a joint policy statement on changes to the UK bilateral margin requirements for non-centrally cleared derivatives under UK EMIR (648/2012) (PRA PS23/25 / FCA PS25/16), which take the form of amendments to the binding technical standards (BTS) in the UK onshored version of Commission Delegated Regulation (EU) 2016/2251, supplementing UK EMIR.
21 November – FCA Fees and Levies Consultation: The FCA published a consultation paper on policy proposals for its regulatory fees and levies for 2026/27 (CP25/33).
21 November – UK Transaction Reporting Reforms: The FCA published a consultation paper (CP25/32) on proposed improvements to the UK transaction reporting regime.
20 November – Regulated Activities Amendment Order: The Financial Services and Markets Act 2000 (Regulated Activities) (Amendment) Order 2025 (SI 2025/1205) has been published on legislation.gov.uk.
19 November – Market Conduct Codes Recognition: The FCA published an updated version of its webpage on recognised industry codes to reflect the fact it has extended its recognition of the FX Global Code, the UK Money Markets Code and version 2 of the Global Precious Metals Code.
19 November – Equity Consolidated Tape Consultation: The FCA published a consultation paper on the proposed framework for introducing an equity consolidated tape (CT) in the UK run by a consolidated tape provider (CTP) (CP25/31).
12 November – Neo-Brokers Final Report: The IOSCO published its final report on neo-brokers.
5 November – FCA Intragroup EMIR Changes: The FCA published a consultation paper (CP25/30) proposing changes to its BTS on the intragroup exemption regime under UK EMIR (648/2012). The relevant BTS are the UK version of Commission Delegated Regulation (EU) 2016/2251 (BTS 2016/2251) and the UK version of Commission Delegated Regulation (EU) 149/2013 (BTS 2013/149).
5 November – UK EMIR Intragroup Amendments: HM Treasury published a draft version of the Over the Counter Derivatives (Intragroup Transactions) Regulations 2026, together with a policy note.
3 November – Overseas Recognition Regime Regulations: The Financial Services (Overseas Recognition Regime Designations) Regulations 2025 (SI 2025/1147) published on legislation.gov.uk.
3 November – Berne Agreement FCA Guidance: The FCA published guidelines for firms on the Berne Financial Services Agreement.
Financial Crime / Conduct / Sanctions
27 November – FOS 2026/27 Plans Consultation: The Financial Ombudsman Service (FOS) published a consultation paper on its proposed plans and budget for 2026/27.
26 November – SFO Compliance Programme Guidance: The Serious Fraud Office (SFO) published updated guidance on evaluating corporate compliance programmes in England, Wales and Northern Ireland. The guidance outlines six scenarios where the SFO assesses an organisation’s compliance programme, including decisions on prosecution, deferred prosecution agreements (DPAs), compliance terms or monitorships in DPAs, defences under the Bribery Act 2010 and the Economic Crime and Corporate Transparency Act 2023, and sentencing considerations.
21 November – Updated SARs Best Practice: The National Crime Agency published UKFIU SARs best practice guidance on how to use the SAR portal to submit a SAR to the UKFIU, how to help reporters submit a high-quality SAR and how to help reporters seek a defence under Proceeds of Crime Act 2002 (POCA) and the Terrorism Act 2000.
17 November – JMLSG AML/CTF Consultation: The Joint Money Laundering Steering Group (JMLSG) published, for consultation, proposed revisions to Part I of its anti-money laundering (AML) and counter-terrorist financing (CTF) guidance for the financial services sector.
14 November – FCA Regulatory Failure Investigations Policy: The FCA published a statement of policy on statutory investigations into regulatory failure and producing reports.
11 November – FCA Financial Crime Review Findings: The FCA published the findings from a multi-firm review focused on firms’ business-wide risk assessment (BWRA) and customer risk assessment (CRA) processes. The firms involved in the review included building societies, platforms, e-money firms and wealth management firms.
5 November – Financial Inclusion Strategy: HM Treasury published its new financial inclusion strategy, which sets out a national plan aimed at removing barriers to financial participation and building financial resilience.
5 November – BNPL Credit Broking Exemption: The Financial Services and Markets Act 2000 (Regulated Activities, etc.) (Amendment) (No 2) Order 2025 (SI 2025/1154) has been laid before Parliament and published on legislation.gov.uk with an explanatory memorandum. The Order will exempt domestic premises suppliers from credit broking regulation when they offer certain buy-now-pay-later (BNPL) credit products to customers.
3 November – Central Sanctions Enforcement Hub: A new sanctions enforcement action collections page launched by the Foreign, Commonwealth and Development Office (FCDO), the Office of Financial Sanctions Implementation (OFSI), and the Office of Trade Sanctions Implementation (OTSI).
Cryptoassets / Payments
27 November 2025 – IRSG Response on Crypto Consultation: The International Regulatory Strategy Group (IRSG) published its response to the FCA’s September 2025 consultation paper on the application of its Handbook to regulated cryptoasset activities (CP25/25).
26 November – Stablecoin Sandbox Cohort: The FCA publisheda new webpage announcing the launch of a special cohort within its Regulatory Sandbox for firms issuing stablecoins.
25 November – EP Resolution on AI in Finance: The European Parliament adopted a resolution on the impact of AI on the financial sector.
20 November – Property (Digital Assets) Bill: On 19 November 2025, the Property (Digital Assets etc) Bill passedits third reading in the House of Commons with no amendments. It is now awaiting Royal Assent.
18 November – Confirmation of Payee Compliance Report: The Payment Systems Regulator (PSR) published a compliance report on Specific Direction 17, which relates to the confirmation of payee system.
12 November – Tokenised Asset Markets Report: The Investment Association, together with the Investment Management Association of Singapore, published a report examining the challenges and opportunities in tokenised asset markets across the UK and Singapore.
11 November – Tokenisation of Financial Assets Report: The IOSCO published a final report (FR/17/25) discussing observations from a monitoring exercise conducted by its Fintech Task Force to determine how tokenisation and distributed ledger technology (DLT) is being developed and adopted in capital markets products and services.
10 November – BoE Systemic Stablecoins Consultation: The Bank of England (BoE) published a consultation paper on regulating sterling-denominated systemic stablecoins for UK payments issued by non-banks.
7 November – Retail Payments Infrastructure Strategy: HM Treasury published an update on the work of the Payments Vision Delivery Committee.
Artificial Intelligence / Digital Regulation
18 November – DORA Critical ICT Providers List: The ESAs published a list of designated critical ICT third-party service providers under the Regulation on digital operational resilience for the financial sector ((EU) 2022/2554) (DORA).
12 November – ECON Report on AI in Finance: The European Parliament’s Committee on Economic and Monetary Affairs (ECON) published a report on the impact of AI on the financial sector.
5 November – HM Treasury AI Skills Commission: HM Treasury published a letter to the Financial Services Skills Commission (FSSC) from Lucy Rigby MP, Economic Secretary to the Treasury, commissioning the FSSC to research and produce a report on AI skills needs, training and innovation in financial services.
Prudential / Remuneration
28 November – PRA Credit Union Assessment: The PRA published a letter it has sent to directors of credit unions, setting out the key findings from its 2025 assessment of these firms and the actions it expects firms to take.
26 November – MIFIDPRU Reporting Quality Review: FCA published its finding following a review of MIFIDPRU Reporting Quality.
26 November – FCA Reviews Data Quality in MIFIDPRU Prudential Reporting: The FCA published its findings on the quality of prudential regulatory reporting by MIFIDPRU investment firms, identifying good practice as well as areas for improvement including inconsistent data, incorrect firm classification and errors in reporting units.
25 November – IAIS Global Monitoring Exercise: The International Association of Insurance Supervisors (IAIS) published an updated version of its global monitoring exercise (GME) document for the period 2026-28, as well as a new set of ancillary risk indicators for the individual insurer monitoring (IIM) assessment methodology within the GME.
21 November – ComFrame and ICS Consultation: The IAIS published a consultation on developing its common framework for the supervision of internationally-active insurance groups (IAIGs) (ComFrame) to reflect the international capital standard (ICS). The related materials are available on the IAIS consultation webpage.
21 November – Joint Internal Model Authorisations ITS: Commission Implementing Regulation (EU) 2025/2338, amending Commission Implementing Regulation (EU) 2016/100 which contains implementing technical standards (ITS) on the joint decision process for internal models authorisation under the Capital Requirements Regulation (575/2013) (CRR), has publishedin the Official Journal of the European Union.
20 November – FSB Global Stability Priorities: The Financial Stability Board (FSB)published a letter from Andrew Bailey, FSB Chair, to G20 finance ministers and central bank governors ahead of their meeting on 22 and 23 November 2025.
18 November – EIOPA Macroprudential RTS: EIOPA published two final reports (report 1and report 2) containing draft RTS on new macroprudential tools that have been introduced under the Solvency II Directive (2009/138/EC), as amended by the Solvency II Amending Directive ((EU) 2025/2).
12 November – PRA Leverage Ratio Threshold: The PRA published a policy statement (PS22/25) on changes to the retail deposits threshold for application of the leverage ratio requirement.
7 November – CVA Risk Supervision Peer Review: The EBA published a peer review follow-up report analysing the effectiveness of the supervisory practices of competent authorities regarding their assessment of credit valuation adjustment (CVA) risk of the institutions under their supervision.
6 November – Market Risk Framework Consultation: The European Commission published a targeted consultation on the application of the market risk prudential framework.
3 November – Third-Country Branches Authorisation Guidelines: The EBA published a consultation paper on draft guidelines relating to the authorisation of third-country branches (TCBs) under the CRD IV Directive (2013/36/EU), as amended by the CRD VI Directive ((EU) 2024/1619).
Commission Payments / Motor Finance
5 November – Motor Finance Redress Scheme Update: The FCA published a statement providing an update on the progress and timing of its consultation (CP25/27) on a possible motor finance consumer redress scheme. The consultation deadline has been extended to 12 December 2025.
EU Financial Markets
28 November – MiCA Data Standards Statement: ESMA published a statement (ESMA75-1303207761-6284) on technical specifications for implementing a number of data standards and format requirements under the Regulation on markets in cryptoassets ((EU) 2023/1114) (MiCA).
24 November – AI Act Implications Factsheet: The EBA published a factsheet on the implications of the Artificial Intelligence Act ((EU) 2024/1689) (AI Act) for the EU banking and payments sector.
20 November – SFDR and PRIIPs Amendments Proposal: The European Commission adopted a proposed Regulation amending Regulation (EU) 2019/2088 on sustainability-related disclosures in the financial services sector and Regulation (EU) 1286/2014 on key information documents for packaged retail and insurance-based investment products (PRIIPs Regulation), and repealing Commission Delegated Regulation (EU) 2022/1288 (SFDR RTS) (COM(2025) 841 final) (2025/0361 (COD)).
19 November – CRR Market Risk Call for Evidence: The European Commission published a call for evidence on a delegated act on the own funds requirements for market risk under the Capital Requirements Regulation (575/2013) (CRR).
14 November – Gibraltar Market Access Extension: The Financial Services (Gibraltar) (Amendment) (EU Exit) Regulations 2025 (SI 2025/1182) have been published on legislation.gov.uk, together with an explanatory memorandum.
U.S. Matters – Private Funds
20 November – CFTC: The US Senate Committee on Agriculture, Nutrition and Forestry advanced President Trump’s nominee for CFTC Chairman, Michael Selig, in his confirmation process. The nomination will now move to the full US Senate for consideration.
17 November – SEC Exams: The SEC’s Division of Examinations released its 2026 exam priorities. The SEC’s Division of Examinations’ priorities included adherence to fiduciary standards of conduct, particularly in business lines serving retail investors and focused on issues involving emerging technologies like artificial intelligence.
17 November – Rule 14a-8:The SEC’s Division of Corporation Finance published a statement that, during the 2025-2026 proxy season, it will generally not respond substantively to no-action requests from companies intending to rely on any basis for exclusion of shareholder proposals under Rule 14a-8, other than requests to exclude a proposal under Rule 14a-8(i)(1), which is typically used by companies seeking to exclude “ESG” related proposals.
12 November – U.S. Government Shutdown Ends:President Trump signed a bill to fund the government, ending the longest U.S. government shutdown in history and reopening the U.S. federal government. The SEC has resumed its operations, but SEC staff are currently working through a backlog of items received during the shutdown (e.g., reviewing new filings, resuming ongoing exams, etc.). The bill only funded the government until January 30, 2026, meaning the parties will need to reach agreement on an additional extension soon in order to avoid another shutdown.
Nathan Schuur, Robert Sutton, Rachel Lowe, Sasha Burger, Sulaiman Malik, and Michael Singh contributed to this article
IRS Failures Stall Efforts to Curb Offshore Tax Evasion
The Internal Revenue Service (IRS) estimated the gross tax gap for the 2022 fiscal year to be an astounding $696 billion. The IRS defines the gross tax gap as the difference between tax owed and the amount paid on time. While already grave on its own, the severity is even worse in context as the 2022 tax gap is up $200 billion from the $496 billion amassed between the years 2014 and 2016.
A major driver of the rise is offshore tax evasion, one of the most difficult forms of noncompliance to detect. An IRS case study found that such evasion among top earners “went almost entirely undetected,” underscoring how limited the agency’s current enforcement tools have become.
A 2021 report by the Department of Treasury estimated that, between 2006 and 2013, $33 billion of underreported income pervaded each year’s tax gap projections when taking offshore assets into consideration. The Committee for a Responsible Federal Budget concluded the value nears $46 billion for 2019. With tax evasion only worsening, an effective solution has never been more pressing.
The Swiss Bank Program
In 2013, the Department of Justice and the IRS joined forces to create the Swiss Bank Program, launched as a direct result of the “actionable information brought to the IRS” through its Whistleblower Program. Leveraging the fear of detection triggered by the Whistleblower Program, the program provided “a path for Swiss banks to resolve potential criminal liabilities in the United States” by disclosing their illicit activities and paying the ensuing penalties.
The program yielded substantial success: 84 banks came forward and over $1.36 billion in penalties were issued. With the last resolution taking place in 2015, however, the program has since closed. While some initiatives to prosecute offshore tax evasion live on, dedicated efforts are lacking. Notably, the DOJ’s Offshore Compliance Initiative has also been placed in the archives.
The Swiss Bank Program must not only be reinstated but expanded to other parts of the world in order to tackle the reality of tax evasion’s ubiquity.
The Progressing and Regressing of the IRS Whistleblower Program
Founded in 1867, it wasn’t until 2006, though, that the IRS Whistleblower Program was put into full force. Almost immediately after its revitalization, submissions “skyrocketed,” Dennis Ventry recalls – a proliferation which has only continued.
These steady advancements, however, are accompanied by deficiencies. Debilitating the program are conspicuous delays in decisions and significant cut-backs in awards. In an article entitled “Lost Opportunities: The Underuse of Tax Whistleblowers,” authors Webber and Davis-Nozemack underscore that, as of 2015, the IRS faced a backlog of more than 22,000 cases and awarded only about 100 whistleblowers each year. The underwhelming number of awards compared to the number of reports appears to remain as, in a 2024 report, the IRS issued only 105 awards. Webber and Davis-Nozemack concluded that the IRS “does not seek all available information and assistance from whistleblowers.” The IRS even recognizes its shortcomings, addressing processing times and increasing its “focus on improving the IRS Whistleblower Program.”
Although the Whistleblower Program time and again proves crucial in exposing corruption, the IRS’ sweeping disregard for its whistleblowers could disincentive future informants from coming forward.
With the Swiss Bank Program no longer in effect, the success of the IRS Whistleblower Program garners even greater importance. The IRS program should resolve its shortcomings and use tactics similar to those of the Swiss Bank Program to target offshore tax evasion.
IRS Whistleblower Program Improvement Act
In light of the program’s defects, both Republican and Democratic Representatives and Senators came together to draft the IRS Whistleblower Program Improvement Act of 2023. The bill, guided by an appreciation of the “essential role” whistleblowers play in uprooting “tax cheating schemes,” details the major features of the program that need reform. Notably, the bill enforces the use of De Novo reviews, in which courts can take a “fresh look at the record” on appeals, prohibits reductions in awards due to budget sequestration, ensures anonymity for whistleblowers, and mandates that whistleblowers receive their award within one year of filing.
Conceived over two years ago, however, the bill remains unfulfilled. What’s more, a previous bill, the “IRS Whistleblower Improvement Act of 2021,” equally awaits action. Stalling, and even turning a blind eye to, the implementation of a solution to the inefficiencies of the Whistleblower Program and, in turn, the tax evasion crisis is wholly unjustified.
The absence of programs like the Swiss Bank Program and the mounting delays in the IRS Whistleblower Program have left authorities with few tools to uncover offshore tax evasion. Despite bipartisan bills aimed at repairing these gaps, Congress has not advanced IRS Whistleblower reforms. Advocates caution that, without meaningful action, the United States risks forfeiting billions more each year as offshore tax evasion continues with little deterrence.
Compromised Credentials Responsible for 50% of Ransomware Attacks
The statistics listed in the Quarterly Threat Report: Third Quarter, 2025, issued by Beazley Security are eye popping. They include:
August and September showed a sharp increase in ransomware activity, with those months accounting for 26% and 18% of reported ransomware incidents in the last half year, respectively.
Akira, Qilin, and INC Ransomware represented 65% of all ransomware cases, demonstrating a significant increase in attack activity by the largest ransomware operators.
Known Exploited Vulnerabilities tracked by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) fell by 26%, yet attackers executed several high-impact exploitation campaigns.
Critical vulnerabilities in Cisco and NetScaler remote-access devices increasingly drew attention from attackers.
Attacks on SonicWall devices by Akira ransomware group accelerated in Q3, followed by a prominent MySonicWall data breach impacting all organizations leveraging the backup cloud service.
According to the report, business services were hit the most, followed by professional services and associations, manufacturing & distribution, healthcare, other, education, government, financial institutions, retail, and construction.
Significantly, the report notes that “the most common entry point was the use of valid, compromised credentials to access VPN infrastructure, which continued to grow in distribution this quarter. This trend underscores the importance of ensuring that multifactor authentication (MFA) is configured and protecting remote access solutions and that security teams maintain awareness and compensating controls for any accounts where MFA exceptions have been put in place.” The next category was the exploitation of internet-facing systems and services. A smaller subset included “search engine optimization (SEO) poisoning attacks and malicious advertisements, observed as a method used for initial access in some Rhysida ransomware investigations. This technique places threat actor-controlled websites at the top of otherwise trusted search results, tricking users into downloading fake productivity and administrative tools such as PDF editors.”
The report notes how effective the SonicWall vulnerability has been for threat actors. It concludes that there is an “overlapping threat to customers using SonicWall’s network appliance product line. Going forward, Beazley Security expects threat actors in possession of the stolen configurations will leverage the compromised backup files to launch future, targeted attacks.”
California’s Privacy Protection Agency Creates Data Broker Enforcement Strike Force
On November 18, the California Privacy Protection Agency (CPPA) announced the creation of a Data Broker Enforcement Strike Force within its Enforcement Division to investigate alleged violations of the California Consumer Privacy Act and the Delete Act’s data broker registration requirements. The Agency stated that the new unit will expand its review of the data broker industry and support implementation of the Delete Request and Opt-Out Platform, which will allow consumers to submit a single deletion request to all registered data brokers beginning in January 2026.
The announcement builds on CalPrivacy’s 2024 investigative sweep into data broker compliance, which the Agency reports has resulted in a significant number of ongoing enforcement actions. The Strike Force will provide additional resources to expand those efforts and increase oversight of registration and compliance obligations under the Delete Act and the CCPA.
Putting It Into Practice: California continues to lead the way in state-level privacy enforcement and supervision (previously discussed here and here), and the launch of the Strike Force marks another expansion of its oversight footprint. Other states are likely to explore similar enforcement models, making it important for organizations operating across jurisdictions to monitor new developments and update compliance programs accordingly.
Listen to this article
SCOTUS Today- Term Begins with Easy Unanimity, a Condition Soon to Be Forgotten
The U.S. Supreme Court has several highly contentious matters under consideration, or soon to be argued, including whether various presidential executive orders can survive separation-of-powers analysis.
Yesterday, however, the Court began the flow of this term’s decisions with two per curiam opinions (that is, unsigned rulings of a unanimous Court) that reached easily predictable conclusions.
That is not to say that these decisions are unimportant. Indeed, for those of us who, if only occasionally, defend criminal cases, the two decisions provide useful procedural advice. Given the tenor of recent arguments, though, this term’s early harmony is unlikely to last. So, let’s revel in the peace of the day.
Clark v. Sweeney was a case in which a man convicted of second-degree murder in Maryland had his conviction reversed upon a request for habeas corpus relief by the U.S. Court of Appeals for the Fourth Circuit, but on grounds that Sweeney himself had never asserted and, accordingly, the prosecution had had no opportunity to address. This transgressed the “party-presentation principle,” a use-it-or-lose-it rule that preserves the adversarial nature of criminal justice.
In seeking reversal of his conviction, Sweeney had alleged ineffective assistance of counsel. However, describing certain impermissible investigative activity by members of the sitting jury, the Court of Appeals, sua sponte, held instead that the case had been prejudiced by a “‘combination of extraordinary failures from juror to judge to attorney’ that deprived Sweeney of his right to be confronted with the witnesses against him and his right to trial by an impartial jury.”
The Supreme Court firmly held that “[i]n our adversarial system of adjudication, we follow the principle of party presentation. . . . The parties ‘frame the issues for decision,’ while the court serves as ‘neutral arbiter of matters the parties present,’” quoting Greenlaw v. United States, 554 U. S. 237, 243 (2008) (citations omitted).
While the Supreme Court’s decision reversed Sweeney’s conviction, the matter is not at an end. The Court simply remanded the case for the trial court to consider what should have been decided in the first place: the claim of ineffective assistance of counsel.
The second case decided yesterday also involved confrontation, this time about a human rather than a technical pleading issue. The per curiam opinion in Pitts v. Mississippi begins with the generally applicable statement that the Confrontation Clause of the Sixth Amendment guarantees a defendant the opportunity to face a witness before the trier of fact. However, that rule might not literally apply in a case of child abuse, where the trauma of a trial might impair a child-witness’s ability to give testimony.
The case involved Pitts’s alleged sexual abuse of his daughter. Consistent with Mississippi law, the state sought permission to place a screen between the child and her father when she took the witness stand. Pitts objected. While he didn’t question the statute’s mandatory terms governing screening, he did allege that they violated the Sixth Amendment. The trial judge simply granted the state’s request for the screen, holding that the Mississippi law governed on its face. However, referencing prior decisions, the Supreme Court held that the trial court should have applied a case-specific analysis to determine whether or not face-to-face confrontation should be required.
However, as in the Sweeney decision, the reversal of the defendant’s conviction does not end things. Instead, the Supreme Court noted that even constitutional errors can be subjected to the “harmless error” rule. Thus, the case was remanded to allow the prosecutor at least to try to show that a conviction could have been obtained irrespective of the failure to allow face-to-face confrontation. This result, which many present and former prosecutors might find problematic, likely doesn’t write finis to the Pitts story. One suspects that, absent a plea, there will be future appellate issues requiring judicial attention.
For now, though, a peaceful day at the Court has ended. But are those rumblings that one can hear in the heavens?
Key Tenets of Whistleblower Rewards Programs for UK to Follow
The United Kingdom’s tax authority, HM Revenue and Customs (“HMRC”), is working on developing a program to pay awards to tax informers who provide information that leads to tax enforcement. This program is expected to be unveiled in November of this year. The Serious Fraud Office (“SFO”) is also working on developing a similar whistleblower rewards program.
The UK is developing these programs because they have seen that the US whistleblower reward programs are highly successful. A report by Royal United Services Institute (“RUSI”) Fellow Eliza Lockhart examined the success of the US Whistleblower reward programs and found that these types of programs would also be effective in the UK.
A large part of why these U.S. programs are so successful is because they offer financial awards of 10-30% of the monies collected in enforcement actions that they significantly contributed to. These award laws work because they flip the calculus on white-collar crime. Economists have long found that white-collar crime and corruption are rational economic activities, which occur when the benefits outweigh the risks of detection and penalties.
To really change the calculus on corruption, it is necessary to flip the equation on its head and make whistleblowing itself a rational economic activity. This is where whistleblower rewards are critical: they increase the benefit and decrease the risk for whistleblowers exposing the truth. These laws treat whistleblowing as an essential part of an anticorruption system, rather than as an employment issue.
For these programs to work as intended, certain key design tenets must be included. These include reliable confidentiality protections, reliable paying of rewards to qualified whistleblowers, not reducing the effectiveness of rewards for the largest cases by including a cap on rewards, and ensuring that the whistleblower program has a guaranteed funding mechanism.
Confidentiality Protections
Confidentiality protections are necessary for any whistleblower rewards program to succeed. By allowing whistleblowers to remain confidential, whistleblowers can trust that providing information will not lead to retaliation against them. Retaliation can lead to whistleblowers losing their source of income, having their reputations tarnished through smear campaigns, and being blacklisted from their industry.
The strongest protections against retaliation for a whistleblower are confidentiality and anonymity. A company or organization cannot retaliate against a whistleblower if they do not know who blew the whistle, or even that there is a whistleblower. Confidentiality has the added benefit of making wrongdoers respond to the information about their misdeeds itself rather than attacking the whistleblowers who bring it forward.
US Dodd-Frank style whistleblower reward programs, including the Securities Exchange Commission (“SEC”), Commodity Futures Trading Commission (“CFTC”), and Financial Crimes Enforcement Network (“FinCEN”) whistleblower programs, are the gold standard for confidentiality and anonymity of whistleblowers. These programs are required by statute to allow whistleblowers to remain completely anonymous when using an attorney, and the identity of the whistleblower is required by statute to be guarded by the agency.
While the UK programs may have different constraints for how the program can be designed, and whether they can offer anonymity, it is important for the programs to have reliable protections for confidentiality that whistleblowers can safely rely upon.
Mandatory Rewards
Whistleblowers face significant amounts of uncertainty and risk when blowing the whistle. By coming forward, they put their careers at stake and often face retaliation. In order to offset this risk and incentivize whistleblowers to come forward, especially whistleblowers with the most important information, the rewards offered by programs must be reliable. When rewards are discretionary and can be denied by a whistleblower office without recourse, whistleblowers view the rewards as insufficient for the risk they are undertaking and choose to not use the program. Whistleblowers face enough uncertainty without being unable to trust the programs they are meant to rely upon.
The United States programs have learned this lesson through trial and error, where discretionary programs failed and were replaced by successful programs that guaranteed rewards for qualified whistleblowers. The Internal Revenue Services’ (“IRS”) had a voluntary whistleblower rewards program that was a failure, which was made mandatory in 2006. The SEC’s discretionary program failed and was replaced by a program with mandatory rewards in 2010. The False Claims Act became successful when rewards for whistleblowers were guaranteed to be at least 15%.
This precise issue was addressed most recently in the Anti Money Laundering (“AML”) Whistleblower Program, which was established in 2020 as a discretionary program and was updated in 2022 solely to make rewards mandatory. National Whistleblower Center (“NWC”) explained in the rulemaking comments that: “It is highly unlikely that persons with relevant information relating to illegal money laundering and financing terrorism will risk their livelihoods, reputations and the potential of high litigation costs without reasonable financial assurances.” This argument was accepted by Congress and the law was successfully amended in 2022.
The amended AML Whistleblower Program followed the lead of the highly successful Dodd-Frank programs, where the whistleblower offices do not have discretion and must pay whistleblowers an award of 10-30% if the whistleblower is qualified under set criteria for the reward. See 31 U.S.C. § 5323(b)(1); 15 U.S.C. § 78u-6(b)(1); 7 U.S.C. § 26(b)(1). Discretion for determining the amount of an award between 10 and 30% is available based on set factors. See 31 U.S.C. § 5323(c); 15 U.S.C. § 78u-6(c); 17 CFR § 240.21F-6; 7 U.S.C. § 26(c); 17 CFR § 165.9. These discretionary factors help to incentivize certain behaviors of whistleblowers, such as cooperation with the investigation, prompt reporting of information, and cooperation with internal compliance systems. See 17 CFR § 240.21F-6(a)(2)(i)-(ii), (a)(4); 17 CFR § 165.9(b)(2)(i)-(ii), (b)(4).
We hope that the HMRC program, and other UK programs, avoid these early failures that US programs experienced. UK programs may require additional legislation in order to make rewards mandatory for qualified whistleblowers; however, there are non-legislative ways to ensure the dependability of reward programs.
If a program must be discretionary, the first way to increase the reliability of whistleblower rewards is by including in the program’s rules a presumption of paying an award to whistleblowers so long as:
the whistleblower provided information in the manner designated by the program;
the information initiated or significantly contributed to the collection of proceeds;
sufficient proceeds were in fact collected; and
the whistleblower does not meet any of the categories for disqualification.
Including this clear presumption in the rules for the program will increase whistleblowers’ trust in the program by reducing the leeway for arbitrary denials of rewards.
A further way to reduce the chance of arbitrary award denials is to specify the reasons for which the whistleblower can be denied an award. See, e.g., 15 U.S.C. § 78u-6(c)(2). This gives whistleblowers guideposts for how they interact with the program and helps ensure consistency in both granting and denying awards.
These simple steps can increase whistleblowers’ trust in the program’s payment of rewards, even for programs that do not mandate rewards.
No Caps on Rewards
A further matter of importance is ensuring that there are no caps on amount of rewards. While reward caps may appear to be a fair idea – ensuring that whistleblowers are not paid what seems to be unduly large amounts – their actual effect is to deter the best whistleblower cases.
The whistleblowers who have access to information on the scandals that will result in the largest collections by agencies and therefore the largest rewards, are often also very successful and highly paid executives – with much to lose by blowing the whistle. By capping rewards, these whistleblowers the rewards for blowing the whistle will not overcome the steep risks that they face. As described by Lockhart:
The need for large rewards is particularly relevant to cash-for-information schemes that aim to incentivise corporate insiders to report incidents of economic crime. The already substantial risks involved in becoming a whistleblower are magnified for financial and professional service providers, whose jobs prioritise confidentiality, privacy and trust. Disclosing sensitive information, even in the public interest, can result in the whistleblower not only sacrificing a highly remunerated position, but also becoming blacklisted from their chosen profession.
Large rewards also play a key role in deterrence, making wrongdoers aware that their own employees are highly incentivized to report illegal activity rather than remain silent. This can even lead to a “race to report” the illegal activity.
Bradley Birkenfeld, a Swiss banker who blew the whistle on UBS and took down a US tax evasion scheme in Swiss banks, exemplifies the success that can result from offering large rewards. Birkenfeld’s whistleblowing led to a fine of $780 million paid by UBS, and a substantial IRS recovery of US taxes from US citizens who illegally hid their money in Switzerland. Due to the sheer scale of this whistleblowing case and the considerable recoveries, Birkenfeld received an award of $104 million. This case showed the promise of US whistleblower reward programs – for whistleblowers, regulators, and wrongdoers. Following this unprecedented reward, significantly more whistleblowers reported to US reward programs and the Swiss banking industry was put on notice that their own bankers had incentive to go to US regulators.
A similarly important consideration is ensuring that the size of an award does not affect the percentage of an award paid to a whistleblower. The SEC regulations specifically disallow using the size of an award as a factor when determining reward percentage for the same reasons as above: because it disincentivizes the best whistleblowers with the largest cases. See 17 CFR § 240.21F-6(d).
Guaranteeing Funding for Programs
The final consideration is ensuring that a whistleblower program has reliable funding. After a program becomes successful, other areas of government may try to have the funds brought in by whistleblowers be allocated elsewhere, eventually bleeding the program dry. It is important to ensure from the start that some of the funds brought in by the program are used solely to fund the program itself.
The report by RUSI found clearly that whistleblower reward programs are not just effective – but also cost-effective. The CFTC whistleblower program had administrative costs of $21 million from 2012 to 2022. “Deducting those costs and the total rewards paid to whistleblowers over that decade from the total financial recovery obtained from whistleblower-related cases results in a gross operating profit of more than US$2.6 billion.”
Conclusion
As the UK works to develop their whistleblower reward programs, we urge them to utilize the prior experience of the US programs to develop a program with these key tenets – there is no better way to ensure that the program will be trusted and utilized by whistleblowers.
DOJ Ramps Up Antitrust Enforcement in Agriculture Industry
Earlier this year, Foley & Lardner reported on the Department of Justice (“DOJ”) Antitrust Division’s announced plans to ramp up civil and criminal antitrust enforcement in the agriculture sector. Recent actions taken by the DOJ and statements made by leading officials in the Antitrust Division show they are making good on those promises.
Most recently, Assistant Attorney General Gail Slater announced this past Wednesday that DOJ enforcers have initiated several investigations aimed at the meatpacking industry—which she called a “priority” for the DOJ. Earlier this month, U.S. Attorney General Pam Bondi similarly announced that a joint investigation into the industry by the DOJ Antitrust Division and the Department of Agriculture was underway. Both announcements came shortly on the heels of November 7, 2025, Truth Social posts from President Trump, where he called on the DOJ to “immediately begin an investigation” into the major meat processors. The President’s exhortation may have resulted from increasing commentary about rising consumer costs for beef products. The ensuing investigations could be expansive and extend well beyond the companies singled out by the President.
The DOJ has signaled its intended focus on the agriculture industry through other means too. The Antitrust Division and the Department of Agriculture recently executed a Memorandum of Understanding to facilitate the agencies’ cooperation in “monitoring competitive conditions in the agricultural marketplace.” Additionally, the DOJ has initiated large-scale investigations in the industry in recent years, such as the 2021 investigation into the broiler chicken industry, and brought several large agricultural antitrust enforcement actions, including the still-ongoing United States v. Agri Stats, Inc. There, the DOJ alleges that Agri Stats violated Section 1 of the Sherman Act by collecting, utilizing, and sharing competitively sensitive price, cost, and output information among competing meat processors. Given the role of Agri Stats in private antitrust litigation against broiler chicken producers, the DOJ suit highlights the need for agriculture companies to diligently monitor their use of third-party aggregate benchmarking services.
These recent developments have important implications for companies in the agriculture industry (and beyond). They are likely to see a continued uptick in DOJ investigations and resulting criminal and civil enforcement cases. It is also reasonable to expect a flurry of follow-on civil litigation (including class actions) initiated by private plaintiffs. Coming into an election year, these matters may also create pressure for Congressional investigations and hearings. Companies in the agriculture industry should be mindful of this heightened legal, and potentially political, scrutiny.
Beltway Buzz, November 21, 2025
Senate Committee Postpones Vote on NLRB. This week, the U.S. Senate Committee on Health, Education, Labor and Pensions (HELP) was forced to postpone a scheduled vote to advance the nomination of Scott Mayer to be a member of the National Labor Relations Board (NLRB). Republicans hold a slim 12–11 voting majority on the HELP Committee, meaning that a loss of just one vote could make it challenging to approve any nominee. Mayer’s nomination thus lags behind fellow Board nominee James Murphy and NLRB general counsel nominee, Crystal Carey, both of whom have already been approved by the committee and await a vote on the Senate floor.
President Trump Sends EEOC GC Nominee to Senate. President Donald Trump has nominated management attorney M. Carter Crow to serve as general counsel of the U.S. Equal Employment Opportunity Commission (EEOC). Given the administration’s theory that the Commission is not an independent agency but rather firmly within the executive branch, if confirmed, Carter can likely be expected to pursue an enforcement agenda that tracks with EEOC Chair Andrea Lucas’s priorities (which align with those of the administration). The Commission’s previous acting general counsel, Andrew Rogers, is now the administrator of the Wage and Hour Division at the U.S. Department of Labor (DOL). Principal deputy general counsel, Catherine Eshbach, is currently performing the duties of the general counsel at the Commission. T. Scott Kelly, Nonnie L. Shivers, James J. Plunkett, and Zachary V. Zagger have the details.
Senator Seeks Changes to OPT. According to the administration’s Spring 2025 Unified Agenda of Regulatory and Deregulatory Actions, in September of this year, the U.S. Department of Homeland Security’s (DHS) Immigration and Customs Enforcement (ICE) was scheduled to issue a proposed regulation to amend the Optional Training Practical (OPT) Program. The program provides F-1 student visa holders with one year of work authorization after graduation, and an additional two years if they graduate with a STEM degree. In anticipation of the pending regulatory proposal, Senator Eric Schmitt (R-MO) sent a letter to Secretary of Homeland Security Kristi Noem and U.S. Citizenship and Immigration Services (USCIS) Director Joseph Edlow, encouraging them to “conduct a thorough review of the OPT program to begin the process of either reforming or ending OPT.” Senator Schmitt reasoned that “OPT was created (and then expanded) by unelected bureaucrats in the executive branch, without the input or approval of Congress, circumventing the caps and limits that govern employment-based visas” and can therefore “be overhauled or ended by executive action.”
House Committee Examines E-Verify. On November 19, 2025, the U.S. House of Representatives’ Committee on Education and the Workforce’s Subcommittee on Workforce Protections held a hearing, titled, “E-Verify: Ensuring Lawful Employment in America.” As the title implies, the hearing explored ways to improve the E-Verify system while considering a nationwide mandate, with a particular focus on the construction industry. Witnesses noted that continuing errors within the E-Verify system, as well as identity theft and fraud, need to be addressed. They further suggested that E-Verify automatically send alerts when an employee no longer has work authorization, and that compliance assistance should be provided to make the system accessible to and work for small businesses. Other witnesses warned that a nationwide E-Verify mandate could have negative impacts on workers and the broader economy. The Legal Workforce Act (H.R. 251), a bill that was introduced in January 2025, would mandate E-Verify for all employers.
House Committee Advances Employment Legislation. As a follow-up to its March 25, 2025, hearing on the future of the Fair Labor Standards Act (FLSA), on November 20, 2025, the House Committee on Education and the Workforce advanced the following FLSA-related bills:
Working Families Flexibility Act of 2025 (H.R. 2870). This bill would provide private-sector employees with the option of choosing paid time off instead of overtime pay. Republicans have introduced a companion bill in the Senate. A version of the bill passed the House of Representatives in 2017.
Tipped Employee Protection Act (H.R. 2312). This bill would amend the FLSA to clarify the definition of “tipped employee.” Accordingly, the bill would limit the DOL’s ability to issue regulations interpreting the definition, such as the 2021 “80/20” regulation.
Ensuring Workers Get PAID Act of 2025 (H.R. 2299). This bill would codify the DOL’s Payroll Audit Independent Determination (PAID) program, which incentivizes employers to audit their payroll and leave practices and self-report mistakes to the DOL.
The Buzz will be monitoring these bills and will provide updates should they gain any traction in Congress.
Susan B. Anthony, ‘Criminal.’ On November 18, 1872, women’s rights activist and suffragist, Susan B. Anthony, was arrested in her hometown of Rochester, New York, for voting in that year’s presidential election (in which incumbent Ulysses S. Grant defeated Horace Greeley). At the time, New York law prohibited women from voting. While not expecting to be arrested—Anthony thought she would be denied the opportunity to cast a ballot and would then file a lawsuit—she used the period between her arrest and trial date to generate publicity for the women’s suffrage movement. Anthony argued that the recently ratified 14th Amendment guaranteed women the right to vote, and she turned her attorney’s oral argument at a pretrial hearing into a pamphlet that she distributed to newspapers. Associate Supreme Court Justice Ward Hunt had responsibility over the federal court in New York and presided over the trial. On June 18, 1873, Hunt issued a directed verdict against Anthony and ordered her to pay a $100 fine, which she never paid. Anthony’s arrest and trial were galvanizing moments in the women’s suffrage movement and the broader movement for women’s rights, though the goal of securing voting rights for women in the United States was not fully realized for another forty-five–plus years, when the 19th Amendment to the U.S. Constitution was ratified in 1920, and several more decades when women of color gained the right to vote throughout the United States.
WHERE ARE WE HEADED?: That Time 49 States Filed a 245 Trillion Dollar Lawsuit Against a Teleco Carrier and the Case Really Didn’t Go Anywhere…
Just a fascinating one for you.
So a couple years back basically all 50 states–Alaska and South Dakota did not originally sue, but the FCC and the AG for DC did, and then South Dakota did eventually– sued a guy named Michael D. Lansky and a lady named Stacey S. Reeves of Avid Telecom in an absolutely extraordinary lawsuit.
The complaint between December 2018 and January 2023, Avid Telecom transmitted over 24.5 billion illegal robocalls, with more than 7.5 billion directed to numbers on the National Do Not Call Registry.
The complaint sought damages in an incalculable amount given the crisscrossing remedies and multiple state law claims asserted but assuming a minimal recovery of $10,000 per call (some calls were apparently carrying penalties over $100k per call as they allegedly violated multiple TSR and TCPA and state law sections simultaneously) we are looking at a lawsuit seeking hundreds of trillions of dollars in penalties.
What the heck did these guys do so wrong to potentially owe a sum exceeding twice the global GDP?
Well allegedly they knowingly allowed illegal robocallers on their network.
That’s it. That’s the crime.
And those of you trying to make large-volume outbound calls should understand why carriers are so cautious in light of these action.
Now the complaint makes clear Avid did more than just provide network access– it provided bulk DIDs and also supplied lead lists to callers.
That last part is what really got them in trouble.
Also look at these alleged calling metrics:
Between January 1, 2019, and November 3, 2022, Avid Telecomrouted to its downstream customer All Access Telecom more than4.52 billion calls—an average of over 3.2 million calls per daytransmitted to this provider alone—that were placed to over 685.7million phone numbers across the country. More than 474.8 milliondifferent Caller ID or DID numbers were used to place those calls,over 72% of which were used to make just one telephone call. Amongthese calling numbers, over 58% matched the call recipient’s areacode, with a small percentage of that matching both the area code andlocal exchange. Of the 27% of these 4.52 billion calls that wereactually answered, the average call duration was only 16 seconds
Wow.
Plus a lot of the calls Avid carried were allegedly pure scam calls. Stuff like this:
Dear customer. Thank you for your purchase on Amazonshopping. This call is to inform you that your purchase forApple Mac Book Pro will be delivered shortly and amount of$1,539 will be debited from your account for this purchase. Ifyou authorize these charges, no action required, and if you didnot authorize this charge press one to speak to Amazoncustomer support.
Not good.
Making matter worse, enforcement actions were taken against its customers resulting in hundreds of millions of dollars in fines.
But the most concerning part for many in the lead generation space if many of the calls originated from multi-vertical form websites and the AGs presented these “consent farm” websites to the court in furtherance of the claims against the carrier.
In essence, the argument goes like this: ITG issues tracebacks advising of illegal calls. Avid responded to these tickets with consent records that it knew or should have known was illegal. So it (the carrier) should have stopped further calls by those clients. Failing to do so constituted a knowing acceptance of illegal traffic.
Hmmm.
Should be noted that no court has actually found forms like the ones the AGs point to to be illegal. But we move on.
Despite the massive scale of the case it hasn’t really gotten very far.
The parties are still squabbling over discovery. One motion to dismiss was denied but the individual defendants are attempting to bring another one aimed at removing themselves from the case individually (we will see how that goes). And it looks like this case will be bogging down the resources of all 50 states (except Alaska) for the foreseeable future.
Will keep an eye on it (a very slowly moving eye.)
Complaint here: Avid Complaint
Take aways here:
Carriers need to be monitoring traffic, knowing their customers and taking decisive action in response to ITF tickets or knowledge of illegal calls;
Callers need to be aware of additional pressure on carriers and expect ongoing deliverability issues;
Lead generators and buyers need to be aware of ongoing state and federal scrutiny of multi-vertical lead gen forms and forms with high numbers of marketing partners;
Get yourself good telecom lawyers if you want to survive in this space!
Court Guidance: Public Allegations and Institutional Response in Recent Title IX Litigation
In recent years, the use of the term “rapist” on campus has sparked significant legal debate in Title IX higher education cases. Two notable cases, Nungesser v. Columbia University and the more recently decided Doe v. University of Maryland, provide contrasting judicial perspectives on this issue. In this legal update, we examine these cases, focusing on their legal reasoning, outcomes, and implications for educational institutions.
Nungesser v. Columbia University
In Nungesser v. Columbia University, a student at Columbia University, was accused of rape by a fellow student. Despite being found “not responsible” by Columbia’s Office of Gender-Based Misconduct, the Complainant continued to publicly label the Respondent as a “rapist” through her senior thesis project, the Mattress Project, which gained widespread media attention. The Respondent filed a lawsuit against Columbia, alleging that the University violated his Title IX rights by allowing the Complainant to continue her campaign against him.
The United States District Court for the Southern District of New York eventually dismissed the Respondent’s Title IX claim, concluding that he failed to demonstrate that the harassment was based on his gender. The Court emphasized that the term “rapist” was used in the context of specific allegations rather than as a gendered slur. The Court also noted that Nungesser did not sufficiently allege a deprivation of educational opportunities, as required under Title IX. Columbia later settled with the Respondent out of court.
Doe v. University of Maryland
Doe v. University of Maryland involved a student at the University of Maryland who was similarly accused of sexual assault and subsequently exonerated by the University’s Title IX process. As in Nungesser, the Respondent faced a public campaign labeling him a “rapist,” which, in this case, led to his exclusion from campus activities, including the club lacrosse team. The Respondent sued the University of Maryland, claiming deliberate indifference to student-on-student harassment under Title IX.
The United State District Court for the District of Maryland found that the Respondent had presented sufficient evidence to proceed with his Title IX claim. The Court found that the persistent labeling of the Respondent as a “rapist” constituted sex-based harassment, as it was aimed at humiliating and ridiculing him based on his alleged sexual conduct. The Court also found that the harassment deprived the Respondent of educational benefits, as it led to his exclusion from extracurricular activities.
Analysis of the Legal Reasoning and Outcomes of these Cases
The divergent outcomes in these cases highlight the nuanced application of Title IX. In Nungesser, the Court focused on the intent behind the use of the term “rapist” concluding that it was not used as a gendered slur but rather as a factual accusation, albeit false. The Court also emphasized the lack of a systemic impact on the Respondent’s educational experience.
Conversely, the Doe Court recognized the term as inherently sex-based when used to publicly shame and exclude the Respondent from educational opportunities. The Court found that the University of Maryland’s failure to address the harassment was “clearly unreasonable,” thus meeting the standard for deliberate indifference under Title IX.
Implications for Institutions of Higher Education
These cases underscore the importance of context and intent in these types of Title IX claims. Institutions must strike a balance between protecting speech and ensuring a non-discriminatory and non-retaliatory environment. This requires clear policies and procedures that address the use of potentially harmful language while safeguarding students’ rights.
As a result of these cases, institutions of higher education should carefully consider the potential for actionable sex-based harassment claims when students are publicly labeled in this manner. As part of this analysis, institutions should carefully evaluate the circumstances surrounding the use of such terms and the impact on the accused student’s educational experience.
Conclusion
The contrasting decisions in Nungesser and Doe illustrate the complexities of Title IX cases that involve students using the term “rapist” to refer to a Title IX Respondent. Educational institutions must navigate these challenges with sensitivity and a commitment to equity, ensuring compliance with Title IX while protecting the rights of all students. By adopting clear policies, ensuring procedural fairness, and proactively managing risks, institutions can navigate these challenges effectively.
Litigation Minute: Hype Responsibly: Legally Promoting Your AI
What You Need to Know in a Minute or Less
Regardless of the cutting-edge nature of artificial intelligence (AI), its recent popularity has led to an age-old problem of how to legally market products featuring it. Deceptive claims regarding AI have been dubbed “AI washing” and can invite both enforcement and civil lawsuits.
In a minute or less, here is what you need to know.
Government Watchdogs Are Already on the Prowl
The Federal Trade Commission (FTC) has led the charge among enforcers rooting out AI washing. In September 2024, the FTC announced Operation AI Comply, a law enforcement crackdown on actors relying “on artificial intelligence as a way to supercharge deceptive or unfair conduct that harms consumers.”1 The FTC’s announcement included details of actions it had taken against companies that, according to the FTC, had “seized on the hype surrounding AI” and were “using it to lure customers into bogus schemes.”2
One such actor was DoNotPay, which made the lofty claim that it offered, for US$49.99 a month, a subscription service to “the world’s first robot lawyer.”3 According to the FTC, DoNotPay claimed that its “AI lawyer” could perform “legal services such as drafting ‘ironclad’ demand letters, contracts, complaints for small claims court, challenging speeding tickets, and appealing parking tickets.”4 The FTC disagreed.
The FTC’s investigation uncovered that DoNotPay had not, among other things, trained its AI “on a comprehensive and current corpus of federal and state laws, regulations, and judicial decisions or on the application of those laws to fact patterns,” and had neither itself tested nor employed attorneys to test “the quality and accuracy of the legal documents and advice generated” by its product.5 FTC and DoNotPay ultimately entered into a consent agreement requiring a monetary payment as well as notice to its customers that, among other things, it “did not have sufficient proof of our claims that DoNotPay operates like a human lawyer when it generates demand letters and initiates cases in small claims court” and it had “stopped making these claims and will not make them in the future unless we have adequate proof.”6
Despite signals of a deregulatory environment under the current administration, enforcement has not slowed on the AI-washing front.
In April 2025, the SEC and DOJ jointly announced civil and criminal securities and fraud charges against Albert Saniger, founder and former CEO of mobile shopping application Nate.7 Saniger allegedly induced over US$40 million in investments with promising claims about Nate’s use of AI to autonomously process online purchases when, in reality, Nate “relied heavily on teams of human workers—primarily located overseas—to manually process transactions, mimicking what users believed was being done by automation.”8
In August 2025, the FTC issued an order prohibiting Workado from making misleading statements about its “product’s effectiveness at detecting content generated or altered by” AI.9 Workado sold a subscription service that purported to use AI to determine whether written content, including marketing content, is AI-generated. The FTC also ordered Workado to, among other things, notify its customers of the FTC’s position that Workado lacked proof for its claims about the accuracy rate of its product and specifically that Workado would not in the future “make claims about the accuracy of our AI content detection tools unless we can prove them.”10
Private Actors Are Also Jumping into the Fray
Though at the moment less common and less developed than those in the enforcement sphere, suits by private actors also have been filed over alleged AI washing.
For instance, investors have sued over public statements about the development of AI-related product features. In September 2024, software company GitLab’s investors sued regarding alleged misrepresentations about the incorporation of AI in the company’s products.11 These types of securities lawsuits are on the rise. A clearinghouse run by Stanford Law School tracking securities litigation logged seven AI-related cases in 2023, 15 in 2024, and already 12 just halfway through 2025.12
Consumers have also jumped into the fray. For example, in March 2025 a consumer class complaint was filed against Apple regarding alleged misrepresentations about Siri’s AI capabilities.13
Lessons Learned—Thus Far
As AI becomes more common, so too will lawsuits challenging claims made about its use. Companies would do well to put practices in place to minimize the risk of that litigation and set themselves up to best defend against it. The following are some early lessons gleaned from litigation and enforcement activity:
The Fundamentals Still Apply
AI may be new and trendy, but tests to measure whether marketing is legal remain the same. Current practices to prevent and defend against claims of misrepresentation still apply.
Know Your AI
Even if the legal tests remain the same, AI is complex and evolving at lightning speed. Invest the time and effort to understand the capabilities, limitations, and use cases for your AI. Document these efforts carefully so that any claims made about your AI are supported.
Align Your Legal and Marketing Teams
Ensure any AI-related claims proposed by technical or marketing teams are vetted by legal teams with sufficient technical competency to understand the claims made and how they compare with the actual capabilities of your product.
Distinguish Present and Future
Limit specific claims to the now existing, not aspirational, capabilities and use cases of your AI. Clearly delineate aspirational claims as forward-looking statements expressing hopes of how your AI might perform in the future.
Monitor Claims Made
Establish an audit system whereby marketing claims, both existing and aspirational, are regularly evaluated and updated for accuracy. This is especially important given the breakneck pace at which AI is developing, where even accurate claims can quickly become outdated and potentially misleading.
As companies rush towards the shining light that is AI, their statements are going to be scrutinized by both regulators and class action plaintiffs. Our attorneys can assist in assessing and mitigating these litigation and enforcement risks. Now is the time to prepare.
Footnotes
1 Press Release, Fed. Trade Comm’n, FTC Announces Crackdown on Deceptive AI Claims and Schemes (Sept. 25, 2024), www.ftc.gov/news-events/news/press-releases/2024/09/ftc-announces-crackdown-deceptive-ai-claims-schemes.
2 Id.
3 Complaint ¶¶ 4, 6, In re DoNotPay, Inc., FTC Docket No. 232-3042, (Sept. 25, 2024).
4 Id. ¶ 4.
5 Id. ¶ 20.
6 Decision and Order at 3-4, 10, In re DoNotPay, Inc., FTC Docket No. 232-3042 (Jan. 14, 2025).
7 Press Release, U.S. Dep’t of Justice, Tech CEO Charged in Artificial Intelligence Investment Fraud Scheme (Apr. 9, 2025), www.justice.gov/usao-sdny/pr/tech-ceo-charged-artificial-intelligence-investment-fraud-scheme; Press Release, U.S. Sec. & Exch. Comm’n, SEC Charges Founder and Former CEO of Artificial Intelligence Startup with Misleading Investors (Apr. 11, 2025), www.sec.gov/enforcement-litigation/litigation-releases/lr-26282.
8 Press Release, U.S. Dep’t of Justice, Tech CEO Charged in Artificial Intelligence Investment Fraud Scheme (Apr. 9, 2025), www.justice.gov/usao-sdny/pr/tech-ceo-charged-artificial-intelligence-investment-fraud-scheme.
9 Decision and Order at 2, Workado, LLC, No. C-4822 (FTC Aug. 21, 2025).
10 Id. § III, Att. A.
11 Complaint, Dkt 1, Dolly v. Gitlab, Inc., No. 3:24-cv-06244 (N.D. Cal. Sept. 4, 2024).
12 See Stanford Law Sch., Sec. Class Action Clearinghouse, securities.stanford.edu.
13 Complaint, Dkt. 1, Landsheft v. Apple, Inc., No. 5:25-cv-2668 (N.D. Cal. Mar. 19, 2025).