FinCEN Not Issuing Fines or Penalties in Connection with Beneficial Ownership Information Reporting Deadlines for Now
FinCEN announced that it will not issue any fines or penalties or take any other enforcement actions against any companies based on any failure to file or update beneficial ownership information (BOI) reports pursuant to the Corporate Transparency Act by the current deadlines.
For the vast majority of reporting companies, the current deadline to file an initial, updated, and/or corrected BOI report is March 21, 2025.
No fines or penalties will be issued, and no enforcement actions will be taken, until a forthcoming interim final rule becomes effective and the new relevant due dates in the interim final rule have passed.
FinCEN intends to issue the new interim final rule by no later than March 21, 2025. The new interim final rule will extend BOI reporting deadlines, according to FinCEN.
FinCEN also intends to consider making further substantive revisions to existing BOI reporting requirements, with the goal of minimizing burdens on small businesses while ensuring that reporting companies continue to submit BOI reports that are highly useful to important national security, intelligence, and law enforcement activities.
Reporting companies remain free to submit their BOI reports now or at any time before the current reporting deadlines. However, given FinCEN’s stated intention of extending the filing deadlines further, reporting companies may want to refrain from submitting their BOI reports until a date that is closer to the applicable reporting deadline.
FinCEN Again Delays CTA Reporting Deadlines and Suspends Enforcement
On February 27, 2025, the U.S. Financial Crimes Enforcement Network (FinCEN) announced that it intends to issue an interim final rule by March 21, 2025, with extended beneficial ownership information reporting deadlines [FinCEN Not Issuing Fines or Penalties in Connection with Beneficial Ownership Information Reporting Deadlines | FinCEN.gov]. It will not issue penalties or otherwise enforce failure to file initial or updated reports until the new interim final rule becomes effective.
FinCEN also plans later this year to solicit public comments in a notice of proposed rulemaking “to minimize burden on small businesses while ensuring that BOI is highly useful to important national security, intelligence, and law enforcement activities, as well to determine what, if any, modifications to the deadlines referenced here should be considered.”
For additional background on the CTA and other recent developments, including our previous alerts, please see: Corporate Transparency Act.
DOJ’S False Claims Act Based Civil Cyber-Fraud Initiative in 2024
The start of a new year presents an opportune time to reflect on the past. We have been tracking and reporting on the U.S. Department of Justice (“DOJ”)’s Civil Cyber-Fraud Initiative (“CCF Initiative”), which former U.S. Deputy Attorney General Lisa O. Monaco announced in October 2021. The CCF Initiative employs the powerful False Claims Act (“FCA”) in an effort to “hold accountable entities or individuals that put U.S. information or systems at risk by (1) knowingly providing deficient cybersecurity products or services, (2) knowingly misrepresenting their cybersecurity practices or protocols or (3) knowingly violating obligations to monitor and report cybersecurity incidents and breaches.”
We previously offered insight into the first two FCA enforcement actions brought under this initiative, then a third, and a fourth. 2024 brought even more.
Towards the end of 2024, on October 22, 2024, DOJ announced an FCA settlement with a major public university relating to its alleged failure to comply with cybersecurity requirements for more than a dozen Department of Defense (“DOD”) and National Aeronautics and Space Administration (“NASA”) contracts and subcontracts. The university agreed to pay $1.25M to resolve allegations that it violated the FCA by failing to comply with cybersecurity requirements in fifteen contracts or subcontracts involving the DOD or NASA. The settlement resolves allegations brought by a chief information officer for the university’s Applied Research Laboratory in October 2022 under the FCA’s qui tam provisions.
The covered conduct includes allegations that the university failed to implement certain cybersecurity controls that were contractually required, and did not adequately develop and implement plans of action to correct deficiencies it identified. Specifically, the allegation was that the university did not implement certain National Institute of Standards and Technology requirements. There were no allegations that a third party ever breached any secured data within the university’s custody; the university’s alleged noncompliance alone was sufficient to fall in DOJ’s crosshairs.
Just a week prior, on October 15, 2024, a government services contractor agreed to pay $306,722 and waive $877,578 in potentially reimbursable remediation costs to settle allegations that it failed to properly protect personally identifiable information and personal health information of Medicare beneficiaries, resulting in a data breach. Despite the contractor promptly notifying Centers for Medicare and Medicaid Services (“CMS”) and cooperating with DOJ investigation, DOJ still pursued a FCA violation. The allegations stemmed from a shift to the electronic handling of “certain Medicare Support services” during the COVID-19 pandemic that the contractor provided to CMS between March 2021 and October 2022. Under its agreement with the CMS, the contractor was required to adhere to the Department of Health and Human Services (“HHS”)’s cybersecurity requirements. However, a subcontractor, whose servers were used to carry out the electronic task, was allegedly not in compliance with HHS’ cybersecurity requirements. Specifically, the subcontractor allegedly took screenshots from CMS systems that contained personally identifiable information and stored the screenshots without encryption, violating HHS’ cybersecurity requirements. Notably, per DOJ, “[t]he subcontractor’s server was breached by a third party in October 2022 and the unencrypted screenshots were allegedly compromised during that breach.”
These two FCA settlements under the CCF Initiative are only the latest reverberations of DOJ’s increased scrutiny on cybersecurity compliance to combat emerging cyber threats. There were others in 2024, including these three that were highlighted in DOJ’s annual recap of its FCA enforcement endeavors:
May 1, 2024: a staffing company agreed to pay $2.7M to resolve allegations that it violated the FCA by failing to implement adequate cybersecurity measures to protect health information obtained during COVID-19 contact tracing.
June 17, 2024: two consulting companies agreed to pay a combined $11.3M to resolve allegations that they violated the FCA by failing to meet cybersecurity requirements in contracts intended to ensure a secure environment for low-income New Yorkers to apply online for federal rental assistance during the COVID-19 pandemic.
August 22, 2024: DOJ filed an Amended Complaint against another major public university, alleging that it failed to meet certain cybersecurity requirements in its performance of DOD contracts. The university has moved to dismiss, and the motion is pending. The university’s argument is that the pertinent contract was for fundamental research and therefore not subject to DOD cybersecurity rules. DOJ contested the notion in its opposition and, as to materiality, took the position that “common sense alone supports the materiality of the cybersecurity requirements Defendants allegedly breached.” The university’s reply primarily dealt with the materials the Court could consider to resolve the issue. The matter is pending.
The enforcement actions brought in 2024 show the breadth of the CCF Initiative. That enforcement actions have been brought even where no breach occurred broadens the scope even more. What 2025 will bring, particularly in light of the administration change (and certain percolating constitutional challenges to components of the FCA), remains to be seen.
Whether the CCF Initiative continues in current form, name, or fervor, it nonetheless underscores the importance for contractors, subcontractors, grantees, and other forms of funding that have agreements with the government to pay close attention to the cybersecurity requirements of such agreements. If have not done so already, companies should consider engaging with counsel in concert with knowledgeable information technology professional (either external or internal) to:
understand their cybersecurity obligations on existing and future U.S. government contracts, subcontracts, grants and other forms of funding,
train employees,
implement information security controls such as access and network restrictions,
invest in and ensure regular compliance with upgrades, patches, and maintenance,
devise incident response plans and ransom strategies, and
operationalize internal whistleblowing.
And should a cyber incident occur, entities need to consider any Federal Acquisition Regulation (“FAR”) and/or agency FAR supplemental clause disclosure requirements in addition to any other Federal and state cyber incident reporting requirements applicable to the incident, e.g., HIPAA.
Enforcing Foreign Judgments in England and Wales: How to Avoid Stumbling Over Jurisdictional Hurdles
Enforcing foreign judgments in England and Wales is not always straightforward, especially for those countries where there is no reciprocal enforcement regime. However, the recent case of Shovlin v Careless and Others [2024] EWHC 324 (KB) clarifies the legal concepts underpinning this area and provides practical guidance for litigants hoping to successfully enforce US judgments in England and Wales.
Shovlin v Careless and Ors
The High Court’s decision in Shovlin v Careless and Ors concerned enforcement in England of a default judgment granted against defendant companies by the Superior Court of the State of California. The case explores the procedure for enforcing foreign judgments in England and Wales and the concept of voluntary submission in relation to jurisdiction.
The California proceedings were initiated in 2013 and concerned alleged fraud and defamation. The underlying dispute arose from events that mainly took place in 2008 between the claimant and the first to fifth defendants – English companies in well-known price comparison website business Money Expert Group. The claimant requested that judgment be given in default, as the defendants had failed to file a defence. At a “prove up hearing” to assess damages in 2019, the defendants’ lawyer made a “special appearance”, arguing that the case should be dismissed as they had not complied with the five-year rule. Under California law, civil proceedings should be brought to trial within five years of the action being commenced.
However, the California court was not persuaded by the defendants and ultimately granted default judgment in the claimant’s favour for $10,066,353 (the US Judgment). Following this, in October 2021, the claimant, a UK citizen who had resided in the United States for years, issued proceedings in the courts of England and Wales to enforce the judgment debt at common law.
How are foreign judgments enforced in England and Wales as a matter of common law?
The common law regime is the default regime for countries where there is no applicable treaty, statute or convention providing for enforcement. To be enforceable at common law, a judgment must be:
Final and conclusive in the court which pronounced it.
For a sum of money, but not for a fine, penalty or for taxes. Non-monetary relief is therefore not capable of enforcement through the common law regime.
On the merits of the claim. In accordance with criteria laid down by Lord Brandon in The Sennar No 2 [1985] 1 WLR 490, a decision on the merits must establish certain facts as proved (or not in dispute), state what the applicable principles of law are and find a conclusion regarding the effect of the principles on the facts of the case in hand.
Have been established as the appropriate jurisdiction. The foreign court must have established proper jurisdiction over the defendant in accordance with English private international law. Broadly, this means that the foreign court must have jurisdiction on a territorial or consensual basis. The original court will be deemed to have had territorial jurisdiction if the debtor was present in the foreign country when the proceedings were commenced, and consensual jurisdiction if the debtor agreed to the relevant jurisdiction, voluntarily appeared in the proceedings, or otherwise submitted to the foreign jurisdiction.
Defences to enforcement include that the judgment was obtained by fraud; the judgment is contrary to English public policy; the defendant did not have a fair opportunity to be heard; and the judgment is inconsistent with a prior judgment on the same subject matter and between the same parties.
The Enforcement Proceedings
In Shovlin, the claimant sought to enforce the US Judgment at common law (there being no relevant treaty or statute providing for enforcement of a US Judgment). It was common ground that the US Judgment was a final and conclusive judgment on the merits for a definite sum of money. The critical issue for determination before the High Court was whether the defendants had voluntarily submitted to the California court’s jurisdiction by making a special appearance at the prove up hearing. The claimant argued that the defendants’ appearance and participation could constitute an implied submission to the California court’s jurisdiction. The defendants maintained that they had only made the special appearance to contest jurisdiction and had therefore not made a general appearance which could imply submission to the jurisdiction.
Rejecting the claimant’s arguments, the High Court concluded that the defendants had not voluntarily submitted to the California court’s jurisdiction. As a result, the Court dismissed the case and ruled that the California judgment could not be enforced in England. The Court concluded that submission to the jurisdiction required the unambiguous waiving of objection to the California court’s jurisdiction and in this case the defendants’ attendance at the prove up hearing did not constitute such a waiver. Instead, the defendants had maintained their position that they did not recognise the California court’s jurisdiction to hear and determine the claim and had not unequivocally represented that objection was not being taken to that jurisdiction.
Key Takeaways
The Shovlin decision demonstrates that enforcing foreign judgments in England and Wales does not come without its challenges and not every foreign judgment is enforceable. It is necessary to scrutinise the foreign judgment, and certain underlying facts, at an early stage to ensure the requirements for enforcement can be met.
When considering whether jurisdiction was established in the foreign proceedings, the presence or submission of the defendant is often determinative. As highlighted by the decision in Shovlin, this can include appearing in the foreign court without contesting jurisdiction. If an appearance is necessary, then it should be made clear that jurisdiction is disputed in order to preserve this position at a later stage.
However, submission to a certain jurisdiction can also include agreeing to the jurisdiction in a contract. Therefore, it is important to check any contractual provisions relating to jurisdiction. If a particular court is specified, which is different from the foreign court that gave the judgment being enforced, then that judgment may not be enforceable.
Whilst it doesn’t appear to have been a significant in Shovlin, whether a defendant is given proper notice of any foreign proceedings can also impact the decision to permit enforcement in England. If a defendant is not given proper notice and has not had a fair opportunity to present their case, then it’s unlikely that any subsequent judgment from the foreign court will be enforceable.
Accordingly, if foreign proceedings are initiated with a view to enforcing any subsequent judgment abroad, litigants should consider, at the outset with their legal advisors including those in the jurisdiction where enforcement will be sought, the requirements that the judgment should meet for it to be successfully exported.
WAS THE FCC HACKED?: Tenlyx Respnse to FCC $4.5M NAL Over Scam Robocalls Hits Home
So Telnyx filed its response to the FCC’s $4.5MM NAL today and it is an incredibly interesting saga.
For those of you just catching up, Telnyx is a carrier that apparently allowed an outfit known as “MarioCop” onto its network.
MarioCop was able to target major players at the FCC–we’ll get just how major in a second–with a robocall scheme pretending to be an FCC fraud detection service. Ultimately the scammers were apparently trying to convince FCC staffers to fall for a gift card scam.
WHAT EVEN IS KYC?: Telnyx LLC CEO is Fighting Back Against Proposed $4.5MM FCC Penalty–and He Kind of Has A Point
If that sounds like a longshot, it is.
And Telnyx CEO David Casem has suggested his company was intentionally “swatted” by MarioCop who brought the FCC heat down on it.
But in this company’s NAL response–out today– Telnyx raises another issue that is jut fascinating– how did MarioCop have the personal cell phone numbers of so many FCC staffers to begin with?
As the NAL response says:
Commission employees (current and past) and their families were the primary and intentional targets of the calls placed by MarioCop. The persons reached include the current Chairman of the Commission, the Chairman of the Commission during President Trump’s first term, one current commissioner, numerous chiefs of staff, legal and policy advisors in the offices of all of the current commissioners and the last two Commission chairs, members of the front offices of the Enforcement Bureau, the Office of General Counsel, the Wireline Competition Bureau, the Office of the Managing Director, and staff attorneys of such bureaus and divisions, family members of Commission personnel, and other government officials and industry participants in the telecom policy ecosystem.
Wow.
As the response points out, “personal cell phone numbers of Commission personnel are not made publicly available by the agency, and the identities and personal cell phone numbers of their family members are not, either.”
So how in the world did MarioCop get all those phone numbers?
Hmmmm.
The answer to that question is just one of many lurking behind the FCC’s actions against Telnyx. And while it is tempting to say Telnyx must have done something wrong because ipso facto when the FCC gets targeted with a robocall scam the carrier is to blame, thee is more here than meets the eye.
Full response here: Telnyx Response
Press release here: Telnyx Press Release
Corporate Transparency Act Update – March 21, 2025 Filing Deadline
The Corporate Transparency Act (together with its implementing regulations, “CTA”) is a federal law that became effective at the beginning of 2024. The CTA imposes new reporting duties on most companies and their owners. You can learn more about the CTA here: FinCEN BOI Webpage. You can find our prior briefings on the CTA here: HWH CTA Client Briefing December 2023, here: HWH CTA Client Briefing November 2024, here: HWH CTA Client Briefing December 18, 2024, and here: HWH CTA Client Briefing December 27, 2024.
As a result of a February 18, 2025 decision by the U.S. District Court for the Eastern District of Texas in Smith, et al. v. U.S. Department of the Treasury, et al., beneficial ownership information (BOI) reporting requirements under the CTA are once again back in effect. However, FinCEN has generally extended the reporting deadline until March 21, 2025 for the vast majority of companies.
FinCEN also announced that, in keeping with the Treasury Department’s commitment to reducing regulatory burden on businesses, FinCEN expects to provide an update before such date of any further modification of this deadline, while prioritizing reporting for those entities that pose the most significant national security risks. Finally, FinCEN announced that it intends to initiate a process this year to revise the BOI reporting rule to reduce burden for lower-risk entities, including many U.S. small businesses.
FinCEN indicated that reporting companies that are able to rely on a hurricane-related extension to file their initial BOI report (as discussed in our HWH CTA Client Briefing November 2024) should follow the deadline permitted by such extension rather than the March deadline.
How Honest is Honest Enough in Your Job Application? (UK)
In 2019 a Mr Easton applied for a role with the Home Office to work in the Border Force. As part of that process he was required to fill in (without guidance) a blank box headed “Employment History” which he completed with details of prior roles held and the years in which each had begun and ended. While that information was true as far as it went, Easton’s taking that approach had the side-effect of obscuring that in 2016 he had been dismissed for gross misconduct and then been unemployed for three months, both matters which he accepted in cross examination in the Tribunal that the Home Office could well regard as relevant.
As indeed it did, for on its subsequent discovery of Easton’s 2016 dismissal, the Home Office sacked him in 2020 for his alleged lack of honesty in omitting from the application form the details necessary for it to identify any gaps in his employment.
Easton brought a welter of claims against the Home Office including unfair dismissal, victimisation, retaliation for whistle-blowing, and discrimination on grounds of both age and disability. By the time he reached the Employment Appeal Tribunal earlier this month, all his other claims had been abandoned or rejected and the question under appeal had been whittled down to a single issue, though phrased in a number of different ways – (i) did the Home Office have reasonable grounds to believe that his presentation of his employment history had been a deliberate and dishonest attempt to obscure the fact and nature of his 2016 dismissal and the jobless three months? Or, put differently, (ii) had the Home Office adequately considered the possibility that Easton had completed the application form in what he genuinely believed to be an appropriate manner, bearing in mind the absence of instructions on the form as to the detail required? And overall (iii) how could the Home Office reasonably believe him to have answered the question dishonestly simply by virtue of his not providing information it had not asked for?
No-one here suggested that CVs and job application forms attract the same “utmost good faith” obligations as some insurance forms, i.e. any duty to disclose potentially relevant circumstances even if not specifically requested. So from there, the EAT moved to the question of what the form did actually ask for, or rather, what Easton should have realised it was asking for.
Despite getting rave reviews from the EAT for his advocacy skills, Easton fared less well in terms of his actual evidence, parts of which were found to have been eloquently argued but basically untrue. In particular, he advanced simultaneously a number of different and fundamentally incompatible rationales for not adding the give-away details on the form. These included IT failure, the question not being asked, his belief that the Home Office already knew about the dismissal, its being irrelevant to the recruitment anyway, and his having mentioned it at interview, which the Employment Tribunal had found that he didn’t. In the end, once Easton admitted that he had been told by the Home Office pre-application that neither the 2016 dismissal nor the subsequent period of unemployment would necessarily be fatal to his appointment but would be considered case-by-case, he was effectively doomed. He had to have understood from that point that the Home Office would want to know about such incidents, and that that was the purpose of the “Job History” box. His then completing the application form in such a way as to conceal them was enough to allow the Home Office a reasonable basis on which to conclude on a balance of probabilities that that omission was deliberate. As a result, the ET’s original decision that he had been fairly dismissed was upheld.
This case turns on its own facts to some extent, but we can still take some useful pointers from it:
Job candidates are under no general obligation to volunteer information which is not requested.
So if as employer you are looking for details relevant to your assessment of that individual’s suitability for your role, be specific. The EAT said that “the suggestion that it needs to be spelled out to applicants that they should provide sufficiently precise dates to permit the vacancy-holder to understand any gaps has a slight air of unreality about it”, but ignore that – if you want the date of a job change, not just the year, then say so. If you want to know about gaps in employment records, or why your candidate left his last job, or whether he has any unspent convictions, say so.
If the application form comes back without the specific information requested, revert to the candidate and request it again. That kills off the otherwise inevitable argument that if as employer you so badly needed some information that you later sack the employee for not providing it, you shouldn’t have let them start in the first place.
Similarly, if the candidate does provide the requested information and that generates important further questions, ask them before they arrive (particularly in regulated sectors). If the job history reveals a three month gap, for example, was that spent looking for a job, on a pilgrimage, in Broadmoor?
To expand on that, the Home Office’s application form required Easton to tick a box to acknowledge that his application might be rejected or that he could be disciplined if he withheld “relevant details”. That tick was found relevant but not conclusive, since it left the question of what is a “relevant detail” to the job applicant. Here Easton was found to have known that earlier dismissals and periods out of work were seen as relevant, but that would not be the case every time.
But please do keep an eye on the information you seek, since pressing a candidate for details of relevant medical conditions or disabilities can get you into significant trouble if you ask too early, and the application is then refused. In addition, ETs will be very wary about dismissals for purported dishonesty in not disclosing mental health conditions on joining and then having the cheek to seek adjustments later – they may well be sympathetic to a claimant who argues that their condition was under control at the time of the appointment and so did not justify any mention, and/or that they feared not even getting a chance to prove themselves in the job if they told the truth. It may arguably be a form of dishonesty not to disclose such a condition, but there are few good arguments open to the employer for not recruiting them as a result. It might have been entirely legitimate for the Home Office not to have appointed Easton if there had been something in his earlier dismissal or time out of work which particularly bothered it, but it will be a brave employer indeed which argues that had it known of a candidate’s health condition, and despite their passing all the other entry conditions, it would not have hired them. You wince even just thinking about the reception that would get in Tribunal.
Corporate Transparency Act Filing Requirement Is Back
The new deadline to comply with the Beneficial Ownership Information (BOI) reporting requirements under the Corporate Transparency Act is March 21, 2025, as the nationwide injunctions preventing enforcement by the Financial Crimes Enforcement Network (FinCEN) have been lifted1. Most entities (corporations, limited liability companies, and limited partnerships) have until March 21, 2025, to file initial, corrected, and updated BOI reports. Newly formed entities will have 30 days from the date of formation to file their initial BOI reports. Reporting companies that previously submitted BOI reports do not need to take any further action unless there has been a change to the initially reported information.
A “reporting company” is a domestic entity created by filing with the Secretary of State of any state or a foreign entity registered to do business with the Secretary of State of any state, subject to 23 exemptions. Reporting companies must report the full legal name, birthdate, residential address, and a unique identifying number from a passport or driver’s license (along with a copy of the passport or driver’s license) for any person who directly or indirectly has at least a 25% ownership interest in the reporting company or exercises substantial control over the reporting company. Reporting companies can complete the BOI reports directly through FinCEN’s website.
FinCEN has also announced its intention to revise the BOI reporting rule to reduce the burden on “lower-risk entities.2” However, FinCEN has not provided details on the nature of the proposed revisions.
The Corporate Transparency Act is still being challenged in several cases across the country. On February 10, 2025, the U.S. House of Representatives unanimously passed a bill that would extend the filing deadline for reporting companies formed before January 1, 2024, by one year, to January 1, 20263. The bill has been referred to the Senate Committee on Banking, Housing, and Urban Affairs, but no action has been taken.
We continue to monitor ongoing legal challenges and proposed legislation related to the Corporate Transparency Act.
1 Smith, et al. v. U.S. Department of the Treasury
2 https://www.fincen.gov/sites/default/files/shared/FinCEN-BOI-Notice-Deadline-Extension-508FINAL.pdf
3 H.R.736 – Protect Small Businesses from Excessive Paperwork Act of 2025
First Circuit Joins Sixth and Eighth Circuits in Adopting “But-For” Causation Standard Under the Federal Anti-Kickback Statute for False Claims Act Liability
In 2010, as part of the Affordable Care Act, Congress resolved a highly litigated issue about whether a violation of the Anti-Kickback Statute (AKS) can serve as a basis for liability under the federal False Claims Act (FCA).
Specifically, Congress amended the AKS to state that a “claim that includes items or services resulting from a violation of [the AKS] constitutes a false or fraudulent claim for purposes of the [FCA].”
This amendment, however, did not end the debate over the relationship between the AKS and the FCA. Over the last several years, multiple courts have been called upon to interpret what it means for a claim to “result from” a violation of the AKS. Courts across the country are split on the correct standard. On February 18, 2025, the U.S. Court of Appeals for the First Circuit joined the Sixth and Eight Circuits in adopting a stricter “but-for” standard of causation—while the Third Circuit has previously declared that the government must merely prove a causal connection between an illegal kickback and a claim being submitted for reimbursement.
In United States v. Regeneron Pharmaceuticals, the First Circuit acknowledges that while the Supreme Court has held that a phrase like “resulting from“ imposes a requirement of actual causality (i.e., meaning that the harm would not have occurred but for the conduct), this “reading serves as a default assumption, not an immutable rule.” At the same time, the First Circuit found that nothing in the 2010 amendment contradicts the notion that “resulting from” required proof of but-for causation.
The First Circuit agreed that the criminal provisions of the AKS do not include a causation requirement but observed that different evidentiary burdens can exist for claims being brought for purposes of criminal versus civil liability. The First Circuit concluded that while the AKS may criminalize kickbacks that do not ultimately cause a referral, a different evidentiary burden can and should be applied when the FCA is triggered. As a result, the First Circuit affirmed the lower court’s decision that “to demonstrate falsity under the 2010 amendment, the government must show that an illicit kickback was the but-for cause of a submitted claim.”
Although the U.S. Supreme Court denied a petition to review this specific issue in 2023, it may once again be called upon to weigh in on this issue, as there inevitably will continue to be a division in how the courts interpret this “resulting from” language. Look for our upcoming Insight, where we explore the First Circuit’s decision in detail.
Epstein Becker Green Attorney Ann W. Parks contributed to the preparation of this post.
Trump Administration Makes First Round of Cartel Foreign Terrorist Organization Designations with Focus on Mexico and Venezuela
The US State Department has made its first round of designations pursuant to Executive Order 14157, “Designating Cartels and Other Organizations as Foreign Terrorist Organizations and Specially Designated Global Terrorists,” identifying eight international cartels and transnational organizations as Foreign Terrorist Organizations (FTOs) and Specially Designated Global Terrorists (SDGTs).
As Bracewell discussed earlier this month, these designations create criminal exposure for any entity — US or foreign — determined to have provided “material support” to one of these organizations. An entity may be found liable for providing “material support” to one of these organizations if it provides any property (tangible or intangible) or services, including currency, financial services, lodging, personnel and transportation.
To avoid unwittingly doing business with or providing material support to these newly designated FTOs and SGDTs, it is imperative that companies conduct renewed due diligence on their counterparties and supply chains, and reassess their anti-corruption controls and compliance measures.
The newly designated FTOs and SDGTs, and their leadership as alleged by US law enforcement, include:
Tren de Aragua (TdA). Key leadership includes: Hector Rusthenford Guerrero Flores, a/k/a “Niño Guerrero,” [1] Yohan Jose Romero, a/k/a “Johan Petrica,”[2] and Giovanny San Vicente, a/k/a “Giovanni.”[3]
La Mara Salvatrucha (MS-13). Key leadership includes: Edenilson Velasquez Larin, a/k/a “Agresor,” “Saturno,” “Tiny,” “Erick,” and “Paco;” andHugo Diaz Amaya, a/k/a “21” and “Splinter.”[4]
Cártel de Sinaloa. Key leadership includes: Ismael Zambada-Garcia, a/k/a “El Mayo,” and Joaquin Guzman Lopez, son of “El Chapo” Guzman.[5]
Cártel de Jalisco Nueva Generación (CJNG). Key leadership includes: Nemesio Rubén Oseguera Cervantes, a/k/a “El Mencho.”[6]
Cártel del Noreste (CDN). Key leadership includes: Juan Gerardo Trevino-Chavez, a/k/a “Huevo.”[7]
La Nueva Familia Michoacana (LNFM). Key leadership includes: Johnny Hurtado Olascoaga, a/k/a “El Pez,” and Jose Alfredo Hurtado Olascoaga, a/k/a “El Fresa.”[8]
Cártel del Golfo (CDG). Key leadership includes: Jose Alfredo Cardenas-Martinez, a/k/a “El Contador.”[9]
Cártel Unidos (CU).
In addition to international cartels that operate primarily in Mexico, this list includes two transnational organizations mentioned specifically in E.O. 14157: TdA, which originated in Venezuela but is also active in parts of South America, including Chile, Colombia and Peru; and MS-13, which originated in Los Angeles but is also active in Mexico and parts of Central America, including El Salvador, Guatemala and Honduras.
Companies conducting business in the countries listed above should beware of the organizations’ infiltration of legitimate industries. La Nueva Familia Michoacana and Cártel Unidos, for example, are heavily involved in the agricultural landscape of Michoacán, Mexico, particularly in the production of avocados. US law enforcement alleges that the Cártel de Jalisco Nueva Generación ran an elaborate time share fraud scheme that targeted US owners of time shares in Mexico.[10] Many cartels also operate legitimate businesses in order to launder money.
For more information, see “Guiding Your Company Through Trump’s New Latin America Enforcement Policy” or reach out to Bracewell’s government enforcement and investigations team for guidance.
[1] https://www.state.gov/reward-for-information-hector-rusthenford-guerrero-flores
[2] https://www.state.gov/reward-for-information-yohan-jose-romero/
[3] https://www.state.gov/reward-for-information-giovanny-san-vicente/
[4] https://www.justice.gov/usao-edny/pr/two-national-ms-13-gang-leaders-and-other-ms-13-members-and-associates-indicted
[5] https://www.ice.gov/about-ice/hsi/news/hsi-insider/notorious-sinaloa-cartel-leaders-arrested
[6] https://www.state.gov/nemesio-ruben-oseguera-cervantes-el-mencho-2
[7] https://www.ice.gov/news/releases/leader-cartel-del-noreste-arrested-following-ice-hsi-investigation
[8] https://ofac.treasury.gov/media/929446/download?inline
[9] https://www.ice.gov/news/releases/head-gulf-cartel-indicted-following-ice-hsi-federal-partner-assisted-investigation
[10] https://home.treasury.gov/news/press-releases/jy2465
Statute and Precedent Support Special Counsel’s Challenge to Termination
Late on February 7, President Donald Trump fired Special Counsel Hampton Dellinger, the head of the Office of Special Counsel (OSC). Dellinger quickly challenged his termination in court, arguing that the White House did comply with the for-cause removal protections afforded to the Special Counsel.
On February 12, the U.S. District Court for the District of Columbia issued a temporary restraining order (TRO) in favor of Dellinger preventing the White House from removing him from his position as Special Counsel. While the Trump administration appealed this order to both the D.C. Circuit and the Supreme Court, both courts chose not to weigh in on the issue before the TRO expires on February 26.
The termination of Special Counsel Dellinger is a dangerous decision which undermines the whistleblower system for federal employees, whistleblowers who are critical to rooting out waste, fraud and abuse in the federal government.
However, the statutory language is clear in protecting the Special Counsel from removal without-cause, and the constitutionality of that protection is in line with Supreme Court decisions on related protections.
The District Court ruling found that a TRO was suitable in this case because “there is a substantial likelihood that plaintiff will succeed on the merits,” pointing to the clear statutory language and the Supreme Court’s positioning on the constitutionality of the statute.
A hearing is scheduled for February 26, where the District Court Judge may issue a ruling on Dellinger’s motion for a preliminary injunction requesting the court to permit him to stay in his job and complete his 5-year term of office.
The Office of Special Counsel’s Statutory Background
The OSC, headed by the Special Counsel, was first established as part of the Merit Systems Protection Board (MSPB) with the passage of the Civil Service Reform Act of 1978. The Whistleblower Protection Act of 1989 expanded the powers of the OSC and removed it from within the MSPB, establishing the OSC as an independent agency.
The OSC increases transparency and accountability within the federal government by protecting federal employees from whistleblower retaliation and providing a secure channel for federal employee whistleblowers to report wrongdoing.
Under federal statute (5 U.S. Code § 1211) the Special Counsel “shall be appointed by the President, by and with the advice and consent of the Senate, for a term of 5 years.”
And the statute clearly states that “The Special Counsel may be removed by the President only for inefficiency, neglect of duty, or malfeasance in office.”
In its brief notice to Dellinger alerting him of his termination, the White House did not point to any issues with his performance as Special Counsel and has not raised any cause for doing so subsequently.
In its ruling, the District Court notes that “the effort by the White House to terminate the Special Counsel without identifying any cause plainly contravenes the statute. It further states that the statute’s language “expresses Congress’s clear intent to ensure the independence of the Special Counsel and insulate his work from being buffeted by the winds of political change.”
The White House’s firing of Special Counsel without cause is thus a clear violation of the law.
Constitutionality of For-Cause Removal Protections
According to the District Court ruling, the White House’s “only response to this inarguable reading of the text is that the statute is unconstitutional.” However, as the ruling elucidates, the Supreme Court has upheld for-cause removal protections for positions similar to the OSC and even recently explicitly carved the OSC out of a pronouncement about the President’s removal authority.
For close to a century, the Supreme Court has repeatedly weighed in on whether statutory protections for federal officials appointed by the President counter the removal powers of the Executive and are therefore unconstitutional. The Court’s rulings are clear that positions at independent agencies which exercise some level “quasi-judicial” powers can be protected through some form of for-cause removal limits.
In 1926, the Supreme Court ruled in Myers v. United States that the President had authority to remove a postmaster without Senate approval and that an 1876 law requiring Senate approval was unconstitutional as it interfered with the President’s constitutional duty of seeing that the laws be faithfully executed.
In subsequent rulings, however, the Supreme Court has clarified and narrowed this precedent by ruling that “the character of the office” at hand determined whether for-cause removal protections were constitutional.
In Humphrey’s Executor v. United States and Wiener v. United States, the Supreme Court held that the Myers precedent only held for executive officers restricted to the performance of executive functions. The Court ruled that for-cause protections are constitutional for officers at independent agencies who carry out quasi-legislative or quasi-judicial duties.
In its ruling, the District Court pointed to recent Supreme Court decisions striking down for-cause removal protections for specific offices and noted the clear distinctions drawn out by the Supreme Court between those posts and the Special Counsel.
For example, in striking down for-cause removal protections for the head of the Consumer Finance Protection Bureau (CFPB) in 2020 in Seila Law LLC v. Consumer Fin. Prot. Bureau, the Court affirmed that the OSC is distinct and not implicated in that ruling because the Special Counsel “exercises only limited jurisdiction to enforce certain rules governing Federal Government employers and employees” and “does not bind private parties at all.”
The District Court also pointed to the Supreme Court’s 2021 ruling in Collins v. Yellin, which found that a statute prohibiting the President’s firing of the Federal Housing Finance Agency (FHFA) director violated the separation of powers. In that ruling, the Supreme Court pointed to the FHFA’s ability to impact ordinary Americans through direct regulation or action. The OSC by contrast, “is not an agency endowed with the power to articulate, implement, or enforce policy that affects a broad swath of the American public or its economy,” according to the District Court ruling.
“In sum, the OSC is an independent agency headed by a single individual, but otherwise, it cannot be compared to those involved when the Supreme Court found the removal for cause requirement to be an unconstitutional intrusion on Presidential power,” the District Court ruled.
Conclusion
The role of the Special Counsel is critical to the functioning of the system of whistleblower protections in place for federal employees. Recognizing the need for his position to be free from Presidential interference, Congress explicitly prohibited the termination of the Special Counsel without cause, a prohibition backed up by Supreme Court precedent.
This dangerous decision to terminate Special Counsel Dellinger should thus be struck down in court. In doing so, the Special Counsel can continue its critical work in protecting federal employee whistleblowers and empowering federal employees to expose corruption, fraud, waste, and abuse and, in turn, save taxpayers billions of dollars.
The District Court’s TRO is an important first step, and future court rulings should follow suit given the clear statutory language and the Supreme Court’s previous rulings on Presidential removal authority.
Geoff Schweller also contributed to this article.
Waffles, Passports and Trustee Directors – Part Two
Part one of this blog covered the new requirement for company directors (including trustee directors) and persons with significant control to verify their identity with Companies House. They will be able to do this voluntarily from 25 March 2025 (the week during which national cocktail-making day, national cleaning week and international waffle day will be celebrated in the US). This requirement is part of measures introduced under the Economic Crime and Corporate Transparency Act 2023 (ECCTA). But are these measures proportionate? Surely there can’t be that many companies in England and Wales registered for fraudulent purposes?
In 2023, the BBC reported that between June and September of that year alone, over 80 companies had been set up using the residential addresses of unsuspecting people living in the same street in Essex. Experts speculated that these companies had been registered in order to launder money or to take out bank loans before closing down the companies and disappearing.
In another case in March 2024, one individual managed to file 800 false documents at Companies House in a short space of time, which recorded the false satisfaction of charges registered by lenders against a total of 190 different companies. Having an accurate register of charges at Companies House is important because it governs the order of priority of payment of debts and, if a company is in financial difficulties, it influences the route by which administrators are appointed and to whom notice must be given.
Meanwhile, Tax Policy Associates, a not for profit company, has published details of its many investigations into fraudulent entities that have been able to set up and use UK registered companies as cover. The investigations it has carried out provide a fascinating insight into the magnitude of the problem. In a few quick steps, Tax Policy Associates demonstrates on its website how it was able to identify a £100 trillion fake company registered at Companies House. It has also highlighted a new scam letter being sent to directors of newly incorporated UK companies from “Company Registry” requiring them to pay a fee, which is one of the ways in which your personal data, published by Companies House, is being used by criminals.
If all this talk of fraud, and the ready availability of personal data filed at Companies House, is making you feel a bit uncomfortable then there is some potentially good news.
An individual whose residential address is/has been used as a registered office address in the past (whether knowingly or unknowingly) can apply to have their residential address supressed on Companies House records.
From summer 2025, individuals will be able to apply to have their date of birth appearing in documents that were filed before 10 March 2015 supressed. (Since 10 March 2015, Companies House has only ever published the month and year of birth.) Documents containing personal data, such as directors’ appointment forms, continue to be publicly available even after you have ceased to act as a director of a company.
In a similar vein, from summer 2025, individuals will also be able to request that their business occupation and signature are supressed in documents appearing at Companies House.
We do not have the detail around this yet, so it may be that the process and costs involved with redacting public documents might prove disproportionate for the majority of people. By way of example, the process for seeking to suppress a residential address involves identifying each document that needs to be redacted, completing a form and paying a £30 fee for each document that you want to get amended. Nor can you submit a subject access request to Companies House asking it to identify all documents that contain your personal data, because Paragraph 5 of Schedule 2 Part 1 of the Data Protection Act 2018 would likely exempt Companies House from this requirement. You would need to do the trawl yourself through a company’s filing history at Companies House.
It is to be hoped that in the not too distant future, there will be some sort of AI tool that will facilitate this process, meaning that submission of one request would result in the redaction of all sensitive personal data from Companies House publicly available records. Until then, however, it might prove a bit of a challenge if you are seeking to suppress any personal data published at Companies House, even once that facility becomes available. If you are interested in pursuing this, or would like further information or assistance, please speak with your usual SPB contact.
So, what will you be doing during the third week in March? Perhaps you will be celebrating the first anniversary of TPR’s general code of practice, which came into force on 28 March 2024.