New York AG Settles with School App
The New York Attorney General recently entered into an assurance of discontinuance with Saturn Technologies, operator of an app used by high school and college students. The app was designed to be a social media platform that assists students with tracking their calendars and events. It also includes connection and social networking features and displayed students’ information to others. This included students’ location and club participation, among other things. According to the NYAG, the company had engaged in a series of acts that violated the state’s unfair and deceptive trade practice laws.
In particular, according to the attorney general, although the app said that it verified users before allowing them into these school communities, in fact anyone could join them. Based on the investigation done by the AG, the majority of users appeared not to have been verified or screened to block fraudulent accounts. In other words, accounts that were not those of students at the school. This was a concern, stressed the AG, as the unverified users had access to personal information of students. The AG argued that these actions constituted unfair and deceptive trade practices.
Finally, the AG alleged that the company did not make it clear that “student ambassadors” (who promoted the program) received rewards for marketing the program. As part of the settlement, the app maker has agreed to create and train employees and ambassadors on how to comply with the FTC’s Endorsements Guides by, among other things, disclosing their connection to the app maker when discussing their use of the app.
Putting It Into Practice: This case is a reminder to review apps directed to older minors not only from a COPPA perspective (which applies to those under 13). Here, the NYAG has alleged violations stemming from representations that the company made about the steps it would take to verify users. It also signals expectations in New York for protecting minors if offering a social media platform intended only for that market.
Listen to this post
CMS’s ACA Marketplace Integrity and Affordability Proposed Rule – What it may mean for Health Plans
Earlier this month, the Centers for Medicare & Medicaid Services (CMS) released its 2025 Marketplace Integrity and Affordability Proposed Rule (Proposed Rule), proposing a number of enrollment and eligibility policies impacting both Federal and State Exchanges. While CMS frames these policies as necessary to combat fraud and abuse, the impact will be a reduction in enrollment in the ACA Marketplace – with the Proposed Rule estimating that between 750,000 and 2 million fewer individuals enroll in health insurance plans on the Exchanges in 2026.
The effective date of most of these provisions also coincides with the expiration of the enhanced premium subsidies, which the Biden administration extended through December 31, 2025 through the Inflation Reduction Act (IRA). These enhanced subsidiaries increased the amount of financial assistance individuals received and expanded eligibility for assistance. On December 5, 2024, the Congressional Budget Office wrote a letter to Congress indicating that the failure to extend these subsidies would result in 2.2 million individuals losing coverage in 2026 and an increase in premiums by 4.3%.
This article outlines the major provisions of the Proposed Rule, followed by a discussion of their potential impact on plans participating in the ACA Marketplace.
Key Provisions of the Proposed Rule
Income Verification Policies. In its Proposed Rule, CMS proposes several changes to the income verification process for applicants to apply through the Exchanges. Although CMS stated that these policies are necessary to combat fraud, CMS provided limited examples and evidence of fraud. Such policies include:
Removing the exception allowing Exchanges to rely on an applicant’s self-attestation of projected income, if the Internal Revenue Service (IRS) does not have tax return data to verify household income and family size. Exchanges would need to verify individuals’ enrollment, requiring enrollees to provide additional documentation.
Requiring additional income verification in instances where an applicant’s self-reported projected household income is between 100% and 400% of the Federal poverty level (FPL) but federal tax or other data shows that an applicant’s prior year’s income was below 100%. Individuals would have to prove that their income for the upcoming year is between 100% to 400% of the FPL or be unable to enroll in a plan on an Exchange. This change intends to attempt to identify individuals who may “overinflate” their income to be eligible for coverage. Currently, no income verification is required if the applicant projects a higher income than in their tax return.
Eliminating an automatic 60-day extension (in addition to the general 90-day deadline) when documentation is needed to verify household income in instances of income inconsistency.
Allowing Insurers to Deny Coverage for Past Due Premiums. CMS proposes to repeal a provision which currently prohibits insurers from requiring enrollees to pay past-due premium amounts in order to receive coverage under a new insurance policy or contract term. CMS consequently proposes, subject to state law, to allow insurers to add an enrollee’s past-due premium amount to the initial premium amount the enrollee must pay to effectuate coverage under a new policy or contract term and allow insurers to deny coverage to individuals if the total of past-due premiums and the initial premium amount are not paid in full. The stated purpose of this policy is (i) to curtail individuals from taking advantage of guaranteed coverage and seeking coverage when they need health care services, and (ii) to strengthen the risk pool and lower gross premiums.
Revision of Premium Payment Thresholds. CMS proposes to remove flexibilities that currently allow insurers to implement a fixed dollar and/or gross percentage-based premium payment threshold. Under current rules, insurers may consider enrollees to have fully paid their premiums if (i) under the fixed-dollar premium payment threshold, the enrollee has paid a total premium amount such that the unpaid remainder is $10 or less (adjusted for inflation), or (ii) under the gross percentage-based premium payment threshold, the enrollee has paid a total premium amount sufficient to achieve 98% or greater of the total gross monthly premium of the policy before the application of the advance premium tax credit (APTC). Under the Proposed Rule, insurers would only be allowed to implement a net premium percentage-based payment method where enrollees can meet the threshold by paying a total premium amount sufficient to achieve 95% or greater of the total net monthly premium amount owed.
Ineligibility for APTCs after one Year of Failing to Reconcile. CMS proposes to revise the “failure to file and reconcile process” by reinstating a 2015 policy that requires Exchanges to determine whether an individual is ineligible for the APTC if he or she did not file a Federal income tax return and reconcile their APTC amount in any given year. Currently, individuals will be deemed ineligible for failure to file and reconcile for a two-year span.
Changes to Open and Special Enrollment Periods. Under the Proposed Rule, CMS also seeks to shorten the Open Enrollment Period (OEP) and make several changes to Special Enrollment Periods (SEPs), including:
Shortening the OEP for all individual market Exchanges and off-Exchange individual health insurance (that are non-grandfathered) from November 1st to January 15th to November 1st to December 15th.
Removing the “low-income SEP” from both the Federal and State Exchanges. Currently, individuals whose projected household income is at or below 150% of the FPL have a SEP under the Federal and most State-based Exchanges whereby they can enroll or change plans on a monthly basis. CMS is proposing to remove this SEP. The stated purpose of this action is to reduce adverse selection (i.e., reduce the number of enrollees who sign up for health insurance only when they need coverage).
Requiring pre-enrollment verifications for applicants seeking coverage through a SEP. Currently, the Exchanges allow applicants to self-attest that, due to a change of circumstance, they qualify for a SEP (e.g., loss of employer coverage, marriage). The Proposed Rule would change the ability to self-attest and require applicants to submit documentation to the Exchanges.
Requiring Active Re-Enrollment. CMS also seeks to eliminate automatic re-enrollment for fully subsidized enrollees by proposing to require that enrollees whose premium payment amount would be $0 after application of the APTC, would be required to pay a $5 monthly premium until they update their Exchange application with an eligibility redetermination confirming their eligibility for the APTC.
Repeal of Bronze to Silver Plan Cross-Walking. CMS proposes to repeal regulations that currently allow Exchanges to move enrollees eligible for cost sharing reduction, which covers the cost of out-of-pocket healthcare costs and deductibles, from a bronze Qualified Health Plan (QHP) to a silver QHP for an upcoming plan year if a silver QHP is available (i) in the same product, (ii) with the same provider network, and (iii) with a lower or equivalent net premium post APTC-application.
Ineligibility of DACA Recipients. CMS proposes to remove Deferred Action for Childhood Arrivals (DACA) recipients from the definition of “lawfully present,” which in effect renders DACA recipients ineligible for enrollment in a QHP through the Exchange.
Prohibition of Coverage of Gender Affirming Care. CMS proposes to prohibit health insurance plans subject to the ACA’s essential health benefits (EHBs) from providing sex-trait modification, also commonly known as gender-affirming care, beginning Plan Year 2026. EHBs are ACA required minimum coverage categories that plans subject to the ACA must cover; EHBs are state or region specific and are determined based upon comparison to an EHB-benchmark plan that all other plans must mirror. This prohibition would in effect restrict all non-grandfathered insurance plans in the individual and small group markets, on- and off- Exchange, from covering sex-trait modification services.
Updates to the Premium Adjustment Methodology. CMS further seeks to update the premium adjustment methodology, which is used to set several different coverage parameters, including maximum out-of-pocket cost-sharing (MOOP), premiums, and tax credits. By way of background, the current premium adjustment methodology took a more stable approach given the uncertainty of premiums during the end of the COVID-19 Public Health Emergency. Under the Proposed Rule, beginning in 2026, CMS is proposing using an adjusted private individual and group market health insurance premium measure. Such a change will likely cause an increase of MOOP and an increase in premiums.
Updating De Minimis Thresholds. Plans on the Exchange are considered bronze, silver, gold, and platinum based on their actuarial value – whereby bronze plans must cover 60% of an average enrollee’s costs, silver plans cover 70%, gold plans cover 80%, and platinum plans cover 90%. Insurers may offer a specific plan if it is within a “de minis range” of this target value – for example, insurers may offer bronze plans so long as the actuarial value is within +5% and -2% of 60%. Similarly, insurers can offer a silver, gold, and platinum plan, if its value is within +2/-2 percentage points. CMS proposes to change the de minimis ranges to +2/-4 percentage points for all individual and small group market plans subject to the actuarial value, except expanded bronze plans. Further, CMS seeks to include a de minims range of +1/-1 percentage points for income-based silver cost-share reduction plan variations (which was previously −0/+1 percentage points). In the Proposed Rule, CMS estimates that this proposal would decrease premiums by one percent; however, it is likely to reduce the APTCs available.
Evidentiary Standard for Terminating Agents and Brokers. The Proposed Rule seeks to revise the standard for the Department of Health and Human Services (HHS) to terminate for-cause agents, brokers, and web-brokers from the Federally-facilitated Exchange by adding a “preponderance of the evidence” standard of proof regarding issues of fact. HHS may terminate its agreements with agents, brokers, and web-brokers for-cause for instances of non-compliance, fraud, and abusive conduct. Currently, regulations do not indicate an evidentiary standard HHS must apply; instead, the regulation states that HHS may terminate “in HHS’s determination.” CMS states that this change would “improve transparency in the process of holding agents, brokers, and web-brokers accountable for compliance.”
Potential Impacts to Plans
This Proposed Rule will have a direct impact on enrollment in the Exchanges. By adding measures that will increase premiums, reduce APTCs, and increase the administrative burden of applying and verifying enrollment, CMS will in effect discourage enrollment and decrease the number of individuals eligible for enrollment. Further, the changing rules may specifically discourage younger and/or healthier individuals from enrolling. This decrease in enrollment, coupled with the expected decrease in enrollment due to the expiration of the enhanced subsidies, could threaten the stability of the ACA Marketplace in the long run.
FinCEN Issues Interim CTA Rule, U.S. Entities and Individuals Exempted From Reporting
Highlights
The Financial Crimes Enforcement Network (FinCEN) issued an interim final rule that changes requirements for reporting beneficial ownership information (BOI) under the Corporate Transparency Act
The rule narrows existing reporting requirements and requires only entities previously defined as “foreign reporting companies” to report BOI
FinCEN defines new exemptions from reporting for domestic entities and U.S. persons
The Financial Crimes Enforcement Network (FinCEN) recently issued a press release concerning the issuance of a new interim final rule that removes requirements for U.S. companies and persons to report beneficial ownership information (BOI) to FinCEN under the Corporate Transparency Act (CTA).
Consistent with the U.S. Department of the Treasury’s March 2, 2025, announcement, FinCEN is adopting the interim final rule to narrow BOI reporting requirements under the CTA to apply only to entities previously defined as “foreign reporting companies.”
In the new interim final rule, FinCEN revises the definition of “reporting company” to mean only those entities that are formed under the law of a foreign country and that have registered to do business in any U.S. state or tribal jurisdiction by filing a document with a secretary of state or similar office (such entities, previously defined as “foreign reporting companies”).
Additionally, FinCEN adds a new exemption available to entities formed in the U.S., previously defined as “domestic reporting companies.” Such entities are exempt from BOI reporting and do not have to report BOI to FinCEN, or update or correct BOI previously reported to FinCEN.
Thus, through the interim final rule, entities created in the United States – along with their beneficial owners – are exempted from requirements to report BOI to FinCEN.
Two Changes for Foreign Reporting Companies
With limited exceptions, the interim final rule does not change existing requirements for foreign reporting companies. However, the new interim rule does make two significant modifications to such requirements:
The interim rule extends the deadline to file initial BOI reports, and to update or correct previously filed BOI reports, to 30 calendar days from the date of its publication to give foreign reporting companies additional time to comply.
The interim final rule exempts foreign reporting companies from having to report the BOI of any U.S. persons who are beneficial owners of the foreign reporting company and exempts U.S. persons from having to provide such information to any foreign reporting company of which they are a beneficial owner.
Foreign entities that meet the new definition of a “reporting company” and do not qualify for an available exemption must report their BOI to FinCEN in compliance with these new deadlines.
Under the new interim rule, a reporting company is any entity that is:
a corporation, limited liability company, or other entity
formed under the law of a foreign country
registered to do business in any state or tribal jurisdiction by the filing of a document with a secretary of state or any similar office under the law of that state or Indian tribe
Reporting companies that registered to do business in the United States before the date of publication of the interim final rule must file BOI reports no later than 30 calendar days from the date of the new interim rule’s publication in the Federal Register. Reporting companies that register to do business in the United States on or after the date of publication of the interim final rule have 30 calendar days to file an initial BOI report after receiving notice their registration is effective.
FinCEN is accepting comments on this interim final rule until 60 days after it is published in the Federal Register and notes that it will assess the exemptions included in the subsequent final rule, as appropriate, in light of those comments. It intends to issue a final rule this year.
How the Trump Administration’s War on Cartels Will Reshape the Financial Sector
On March 11, 2025, the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) issued a Geographic Targeting Order (GTO) aimed at disrupting drug trafficking and money laundering along the southwestern border. The GTO significantly lowers the Currency Transaction Reports (CTR) threshold from $10,000 to $200 for money service businesses (MSBs) operating in 30 zip codes across California and Texas. Treasury Secretary Scott Bessent emphasized the move as part of a broader effort to curb cartel influence, underscoring “deep concern with the significant risk to the U.S. financial system [from] the cartels, drug traffickers, and other criminal actors along the Southwest border.”
Despite its broader deregulatory agenda, the Trump administration has made clear that financial crime regulations — particularly those targeting money laundering, sanctions compliance, and illicit financing — are exceptions to its broader policy shift. The administration’s intensified crackdown on drug cartels underscores the financial sector’s growing role in national security and foreign policy enforcement. Banks and regulated institutions operating along the U.S.-Mexico border, or with substantial exposure to Mexico and Central America, must prepare for heightened compliance and due diligence expectations.
The Southwest Border GTO: A Glimpse into FinCEN’s Enforcement Priorities
GTOs compel financial institutions to implement heightened monitoring and reporting measures within specific high-risk regions. These orders, typically in effect for 180 days with the possibility of renewal, serve as a key intelligence-gathering and enforcement tool to disrupt illicit financial flows.
The March 11 GTO affects MSBs — including foreign exchange dealers, check cashers, issuers of traveler’s checks, and money transmitters — rather than banks. However, its implications extend far beyond these institutions. The drastic reduction of the CTR threshold to $200 reflects the cartels’ ability to efficiently launder drug proceeds through small, frequent transactions that evade traditional detection mechanisms.
Should the data gathered from this GTO indicate widespread illicit activity, regulators may extend its reach to regional and community banks, imposing even greater compliance burdens. More critically, the order signals heightened regulatory scrutiny on financial institutions’ roles in detecting and preventing cartel-related transactions. Banks with exposure to high-risk sectors must proactively enhance monitoring systems, train staff on emerging threats, and prepare to demonstrate robust compliance measures during regulatory examinations.
Drug Cartels as Terrorist Organizations: A Paradigm Shift for Financial Institutions
On his first day in office, President Trump signed an executive order initiating the designation of certain drug cartels as Foreign Terrorist Organizations (FTOs). On February 20, the State Department formally classified eight cartels under this designation, triggering sweeping legal and financial consequences.
Under U.S. law, FTO designation prohibits financial institutions from conducting transactions with these organizations and mandates the immediate blocking or freezing of assets linked to them. The move significantly expands the enforcement scope of the Treasury’s Office of Foreign Assets Control (OFAC), which oversees sanctions on terrorist organizations and other prohibited entities.
For financial institutions, this shift requires a fundamental reassessment of compliance strategies. Banks must refine sanctions screening processes, update risk management frameworks, and bolster due diligence measures to ensure they do not inadvertently facilitate transactions tied to these entities. Even transactions that do not explicitly list cartel-affiliated individuals or businesses may pose risks, necessitating enhanced scrutiny of financial flows originating from cartel-controlled regions.
In addition to shifting compliance strategies, the new FTO designation carries with it a risk for increased civil litigation against banks under the Anti-Terrorism Act (ATA). From approximately 2014 to present, federal courts throughout the country have seen an increase in civil matters against banks for providing financial services to FTOs and/or their affiliates, and therefore aiding and abetting acts of terrorism. While these claims ordinarily involve foreign banks predominantly located in the Middle East, Russia, China, and Europe, this new designation and the accompanying GTO could result in similar lawsuits against U.S. depository institutions.
Cartels have embedded themselves in diverse sectors — including agriculture, mining, transportation, and even financial services — complicating compliance efforts. Institutions that fail to adapt face increased criminal and civil liabilities, underscoring the urgent need for proactive risk mitigation measures.
The Road Ahead: Navigating an Intensified Regulatory Landscape
As the Trump administration intensifies efforts to dismantle cartel financial networks, financial institutions must brace for a rapidly evolving regulatory environment. Enhanced reporting obligations, stricter compliance requirements, and expanded due diligence mandates are set to redefine risk management strategies across the sector.
Institutions operating along the U.S.-Mexico border will be particularly affected, navigating the dual pressures of FinCEN’s GTO mandates and broader cartel-related sanctions. Strengthening internal controls, refining anti-money laundering frameworks, and integrating advanced transaction monitoring tools will be critical in maintaining compliance and mitigating legal risks.
While these regulatory shifts may impose short-term costs, they ultimately safeguard financial institutions from unwitting involvement in illicit activities. More importantly, they reinforce the industry’s pivotal role in national security efforts, ensuring that the financial system remains a bulwark against transnational crime.
By staying ahead of regulatory developments and embracing a proactive compliance posture, banks and financial institutions can not only protect themselves but also contribute meaningfully to the broader fight against cartel-driven financial crime.
FinCEN Eliminates Corporate Transparency Act’s Reporting Obligations for U.S. Persons
On March 21, 2025, the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) released an interim final rule (Interim Rule) that broadly eliminates Beneficial Ownership Information (BOI) reporting under the Corporate Transparency Act (CTA) for all U.S. reporting companies and all U.S. beneficial owners of foreign reporting companies. Under the Interim Rule, which FinCEN is implementing immediately, only companies created under foreign law and registered to do business in the U.S. will be required to submit BOI reports (unless otherwise exempt), and only foreign beneficial owners of such nonexempt foreign entities will be reportable.
Based on FinCEN’s estimates supporting the original BOI Rule (Original Rule), exempting all U.S. reporting companies shrinks the compliance universe by 99.8 percent.
How Did We Get Here?
The CTA whiplash, playing out in courts since early December, took a sharp turn by the government over the last month. On February 18, FinCEN restored the reporting obligations under the Original Rule after the last nationwide injunction against the CTA had been lifted at the government’s request. FinCEN gave reporting companies a grace period for compliance that would have ended, for most companies, on March 21.
Then, on February 27, FinCEN announced that it was suspending CTA enforcement pending a formal extension of the compliance deadlines beyond March 21. On March 2, the U.S. Treasury took this a step further, announcing the total suspension of CTA enforcement against U.S. persons and a rulemaking process “that will narrow the scope of the [BOI] rule to foreign reporting companies only.”
The Interim Rule puts this policy change into effect. The primary legal basis for this “narrowing” is a provision of the CTA that provides a regulatory process by which the U.S. Treasury may, subject to several statutory requirements, create additional exemptions from the BOI reporting obligations. In a court filing made after the March 2 announcement, the government elaborated on the policy change by noting the U.S. Treasury “intends to focus on foreign entities that could engage in illicit transactions from abroad.”
Policy Change or a New CTA?
Congress enacted the CTA to combat money laundering, the financing of terrorism, and other serious financial crimes by requiring tens of millions of private companies operating in the U.S. to identify their beneficial owners and disclose to FinCEN personal information about such companies and beneficial owners. FinCEN stores this information in a secure, nonpublic electronic warehouse for law enforcement purposes. Yet, FinCEN pegs the estimated number of reporting companies subject to the Interim Rule at less than 12,000 annually. Supporters of the CTA point to this fact, and findings made by Congress that bad actors conceal their ownership of entities in the U.S. to facilitate illicit transactions, in their criticism of the policy change. We could see judicial scrutiny of the Interim Rule if a plaintiff with legal standing decides to bring a case.
FinCEN is soliciting comments from the public on the Interim Rule, noting it “will assess the exemptions [in the Interim Rule], as appropriate, in light of those comments and intends to issue a final rule this year.” Among other unanswered questions, the Interim Rule does not address how BOI received by FinCEN from U.S. companies and their beneficial owners will be handled – nearly 16 million reports under the Original Rule were submitted to FinCEN prior to March 21.
Expect the CTA Saga to Continue
In addition to potential legal challenges to the Interim Rule, numerous cases challenging the CTA remain on court dockets and will continue to work their way through the legal process. Separately, some state legislatures have shown interest in developing their own versions of the CTA (which could be impacted by the ultimate resolution of the pending cases against the CTA), with New York having adopted the New York LLC Transparency Act (applicable to limited liability companies formed or registered to do business in New York and set to take effect January 1, 2026).
New York Attorney General Proposes Bill to Expand Consumer Protection Law
On March 13, New York Attorney General Letitia James announced the introduction of the Fostering Affordability and Integrity through Reasonable Business Practices Act (FAIR Business Practices Act). The proposed legislation seeks to extend the state’s existing ban on deceptive business practices to also prohibit unfair and abusive practices, aligning New York with 42 other states.
The bill, introduced in both state Senate and Assembly, would enhance enforcement capabilities for the Office of the Attorney General (OAG) and private consumers, including the ability to seek civil penalties and restitution for UDAAP violations. According to Attorney General James, the legislation is needed to tackle a host of consumer harms, including:
Subscription cancellations. Preventing companies from making it unreasonably difficult for consumers to cancel recurring payments.
Debt collection abuses. Prohibiting debt collectors from improperly seizing Social Security benefits or nursing homes from suing relatives of deceased residents for unpaid bills.
Auto dealer practices. Prohibiting car dealerships from withholding a customer’s photo identification until a sale is finalized.
Student loan servicing misconduct. Restricting student loan servicers from steering borrowers into costlier repayment plans.
Exploitation of limited English proficiency consumers. Addressing deceptive practices targeting non-English-speaking consumers.
Junk fees and hidden costs. Reducing unnecessary and deceptive charges in various industries, including healthcare and lending.
Artificial intelligence (AI) scams and online fraud. Strengthening enforcement against AI-driven scams, phishing schemes, and deceptive digital marketing practices.
The proposal has garnered support from former CFPB director Rohit Chopra and former FTC Chair Lina Khan, both of whom have emphasized the need for stronger state-level enforcement against deceptive and abusive business practices.
Putting It Into Practice: New York’s proposed legislation is the latest example of a growing trend among states taking a more active role in consumer protection enforcement (previously discussed here and here). This also highlights how some states are proactively responding to the CFPB’s state-level consumer protection recommendations from January, which encourage the adoption of the “abusive” standard (previously discussed here). With ongoing uncertainty surrounding the future of the CFPB, more states are likely to step in to fill the regulatory void by expanding their own consumer protection laws.
Listen to this post
The Government Contractor: False Claims Act Liability Based On A DEI Program? Let’s Think It Through
One of the more attention-grabbing aspects of Executive Order 14173, “Ending Illegal Discrimination and Restoring Merit-Based Opportunity,” is the specter of False Claims Act liability for federal contractors based on their Diversity, Equity, and Inclusion (DEI) programs. Many workplace DEI programs have been viewed as a complement to federal anti-discrimination law—a tool for reducing the risk of discrimination lawsuits. The new administration, however, views DEI programs as a potential source of discrimination. EO 14173 proclaims that “critical and influential institutions of American society … have adopted and actively use dangerous, demeaning, and immoral race- and sex-based preferences under the guise of so-called ‘diversity, equity, and inclusion’ (DEI) or ‘diversity, equity, inclusion, and accessibility’ (DEIA) that can violate the civil- rights laws of this Nation.” To counteract this potential “illegal” use of DEI programs, the Trump administration is leveraging the FCA, a powerful anti-fraud statute, to enforce its policy within the Federal Government contractor community.
We discuss below the framework of the FCA, how it might apply to federal contractor DEI programs under the administration’s orders, and potential hurdles the Government may face in pursuing FCA claims based on a contractor’s allegedly illegal DEI program. We recommend steps contractors can take to mitigate potential FCA risks when evaluating their own DEI programs.
To read the full article, please click here.
Effective April 14: FinCEN GTO Requires MSBs Along US Southwest Border to Report Transactions in Currency of More than $200
Go-To Guide:
The Financial Crimes Enforcement Network (FinCEN) issued a Geographic Targeting Order (GTO) requiring all money services businesses (MSBs) located in 30 ZIP codes across California and Texas to, among other things, report and maintain records of cash transactions exceeding $200 (up to $10,000), and to verify the identity of persons presenting such transactions.
The GTO does not alter existing obligations for MSBs, except as otherwise provided in the GTO.
The GTO takes effect April 14, 2025, and will remain in effect until Sept. 9, 2025, unless renewed.
Background
Effective April 14 through Sept. 9, 2025, unless renewed, FinCEN’s GTO aims to combat Mexico-based cartels and other illicit actors in certain California and Texas counties along the U.S.-Mexico border. The GTO requires all MSBs located in the specified targeted areas to (i) file Currency Transaction Reports (CTRs) with FinCEN for cash transactions of more than $200 but not more than $10,000; and (ii) verify the identity of persons making such transactions.
The GTO is intended to support the Trump administration’s goal of halting the flow of harmful drugs into the United States by drug cartels and other criminal actors. President Trump issued an executive order (EO) in January mandating the classification of drug cartels and other organizations as Foreign Terrorist Organizations (FTOs) or Specially Designated Global Terrorists (SDGTs). Following the EO, the U.S. Departments of the Treasury and State designated eight organizations as FTOs and SDGTs, including six drug cartels based in Mexico. According to U.S. Treasury Secretary Scott Bessent, the GTO “underscores [the] deep concern with the significant risk to the U.S. financial system of the cartels, drug traffickers, and other criminal actors along the Southwest border.”
Which MSBs Must Comply with the GTO?
MSBs1 located in the seven counties in California and Texas listed below, as denoted by their respective ZIP codes, are required to comply with the GTO (collectively, Covered MSBs):
Imperial County, California: 92231, 92249, 92281, and 92283;
San Diego County, California: 91910, 92101, 92113, 92117, 92126, 92154, and 92173;
Cameron County, Texas: 78520 and 78521;
El Paso County, Texas: 79901, 79902, 79903, 79905, 79907, and 79935;
Hidalgo County, Texas: 78503, 78557, 78572, 78577, and 78596;
Maverick County, Texas: 78852; and
Webb County, Texas: 78040, 78041, 78043, 78045, and 78046.
MSBs located in these specified targeted areas must transmit the GTO to each of their agents located in these areas.
What Transactions Must Be Reported and How?
Covered MSBs must report each deposit, withdrawal, exchange of currency, or other payment or transfer by, through, or to the Covered MSB that involves a transaction in currency of more than $200 but not more than $10,000. The CTR filing requirement, however, does not apply to transactions with a commercial bank.
The Covered MSB must report the transaction to FinCEN in a CTR through the BSA E-Filing System within 15 days of the date when the transaction occurred and include “MSB0325GTO” in Field 45 in Part IV of the CTR. FinCEN instructs Covered MSBs to continue with the submission notwithstanding the BSA E-Filing System-generated warnings indicating the transaction being reported is below the $10,000 reporting threshold.
The GTO reminds Covered MSBs to comply with the identification requirements set forth at 31 C.F.R. § 1010.312 before concluding a covered transaction, including the requirement that the specific identifying information used in verifying the identity of the customer be recorded on the CTR. The GTO prohibits the mere notation of “known customer” or “bank signature card on file” on the CTR. The GTO exempts Covered MSBs from verifying the identity of armored car service employees.
Although dollar thresholds for Suspicious Activity Report requirements remain the same (i.e., as low as $2,000),2 FinCEN encourages the voluntary filing of SARs where appropriate to report transactions conducted to evade the $200 reporting threshold imposed by the GTO.
Record Retention Requirements
Covered MSBs must retain all CTRs filed in compliance with the GTO and any related records for a period of five years from the last day the GTO is in effect (including any renewals thereof). MSBs must make these records available to FinCEN or any other law enforcement or regulatory agencies upon request.
Noncompliance
Noncompliance with the terms of the GTO may result in civil or criminal fines/penalties for the Covered MSB and any of its officers, directors, employees, and agents.3
Key Takeaways for Covered Businesses
The GTO will directly impact the operations of MSBs that engage in cash-based transactions in the 30 ZIP codes subject to the GTO. MSBs operating in these areas should become familiar with the GTO’s requirements and take steps to ensure the implementation of adequate controls to comply with the GTO’s terms by April 14, 2025. This may involve updating existing risk assessments, reviewing BSA-mandated compliance programs, and training customer-facing and compliance staff.
Covered MSBs should closely monitor regulatory updates from FinCEN, as GTOs historically have been renewed and at times, expanded to address emerging areas of concern.
1 FinCEN regulations define an “MSB” to include dealers in foreign exchange, check cashers, issuers or sellers of traveler’s checks or money orders, providers of prepaid access, money transmitters and sellers of prepaid access. 31 C.F.R. § 1010.100(ff).
2 31 C.F.R. § 1022.320.
3 31 U.S.C. §§ 5321-5322.
Video: Whistleblower Challenges and Employer Responses: One-on-One with Alex Barnard
Addressing whistleblower claims is one of the most sensitive and complex issues employers face. It becomes especially challenging when the claims involve compliance officers, risk officers, or even lawyers tasked with identifying potential problems.
In this one-on-one interview, Epstein Becker Green attorney Alex Barnard sits down with George Whipple to explore the unique challenges whistleblower allegations present within organizations. Alex explains how courts distinguish between performing one’s job duties and raising legitimate whistleblower concerns, particularly when internal experts are involved. He also outlines key strategies for investigating claims fairly, avoiding retaliation, and navigating the fine line between good-faith and bad-faith whistleblowing.
Drawing on more than 25 years of experience in litigation and internal investigations, Alex emphasizes the importance of treating every claim as having merit while acting with caution in cases involving potential bad faith. He provides actionable insights for employers on maintaining professionalism, minimizing risks, and fostering respect for the whistleblower process while upholding organizational integrity.
Learn effective techniques to handle whistleblower claims, mitigate risks, and ensure compliance in an increasingly scrutinized workplace environment.
What Is the Meaning of a Whistleblower in Healthcare?
Learning how to report Medicare, Medicaid, TRICARE, FEHB, and VA health fraud, and other false claims involving federal funds is crucial when it comes to protecting patients as well as taxpayers and keeping these healthcare programs solvent. Most whistleblowers are ordinary workers who are just doing their job when they come across fraudulent practices of their employer. Acting as a healthcare whistleblower ensures that the U.S. healthcare industry prioritizes patients over profit.
What Is a Whistleblower?
A whistleblower is someone who reports evidence of fraud, waste, abuse, or other wrongdoing within an organization. In healthcare, whistleblowers are often nurses, doctors, medical office staff, pharmaceutical or EHR sales representatives, or other employees of healthcare organizations. To protect these taxpayer-funded health care programs, organizational insiders or whistleblowers (known as relators) can help.
Individuals who wish to report their employer for defrauding one or more of these government healthcare programs can do so by obtaining an experienced qui tam attorney. Under the False Claims Act, healthcare whistleblowers may be eligible to receive a financial reward and certain protection against retaliation when they report their employers for defrauding a government healthcare program. By reporting through a False Claims Act qui tam suit, they may be able to receive from 10% to 30% percent of the government’s total recovery when successful.
What Are the Most Common Types of Healthcare Fraud?
Some of the most common kinds of healthcare fraud include:
Medicare Advantage fraud: Medicare Advantage (Medicare Part C), an insurance program funded by taxpayers, has been enormously popular with seniors but is also subject to being defrauded. One common fraud by healthcare organizations and plans has been to make their patients appear sicker than they are to submit false and inflated claims for payment to the government program. Medicare Advantage insurers have paid settlements for such violations under the False Claims Act thanks to whistleblowers (individuals who reported their employer for defrauding the government).
Kickback schemes: Under the Stark Law, physicians are prohibited from making referrals that are connected to their own financial interests. However, many nursing homes, home healthcare providers, hospitals, provider groups, managed care organizations, pharmacies, drug manufacturers, laboratories, durable medical equipment (DME) providers, and other health care organizations have unlawfully offered financial incentives to induce referrals to obtain new Medicare, Medicaid, TRICARE and VA Health insured patients. Pharmaceutical companies have been held accountable under the False Claims Act when they provide doctors and their staff speaking fees, expensive dinners, sporting event tickets, airfare, and other benefits to physicians to induce them to prescribe their drugs and products. All of these are examples of kickbacks, which are illegal in government healthcare programs and can lead to the payment of damages and civil penalties and a reward for whistleblowers.
Upcoding and billing for services not rendered: Upcoding is fraudulent medical billing in which a government-insured claim is submitted for payment regarding a service that is more expensive than the service that was actually performed. Billing for services not rendered is just that: billing the government for services that were never provided to the patient. Both are illegal under the False Claims Act.
Billing for unnecessary services: Health care fraud is a leading source of False Claims Act qui tam settlements and judgments. These recoveries restore funds to federal programs such as Medicare, Medicaid, and TRICARE, the health care program for service members and their families. But just as important, in many cases, enforcement of the False Claims Act also protects patients from medically unnecessary or potentially harmful actions.
Pharmaceutical fraud: Pharmaceutical companies have unprecedented power in the American economy to set prices for lifesaving drugs and treatments. False Claims Act qui tam suits have involved allegations that drug companies conspired to fix the price of various generic drugs, which led to higher drug prices for federal health care programs. Other schemes involve underpaying rebates under the Medicaid fraud rebate program.
At home healthcare fraud: At home healthcare is a booming industry, with over 3 million Americans receiving skilled nursing or long-term care at home. However, approximately 84% of home health agencies are for-profit corporations, according to the CDC. Home health care is rife with opportunities for fraud as well as patient abuse. Examples include falsely certifying to the government the number of actual hours or care provided, claiming care was provided by qualified staff when it was done by unskilled individuals, billing for unnecessary services, upcoding and billing for services not rendered.
The Department of Justice recovered over $1.67 billion in the last fiscal year that was lost to healthcare fraud. This was in no small part to the actions healthcare whistleblowers who simply wanted to do the right thing. Over the course of the last fiscal year 2024, false claims from managed care providers, hospitals, pharmacies, pharmaceutical companies, laboratories, and physicians accounted for over half of the total federal fraud reported and recovered through qui tam lawsuits. During the same period, the relator shares for the individuals who exposed fraud and false claims by filing qui tam actions exceeded $400 million paid directly to these individuals who stepped up and did the right thing.
Why Is Whistleblowing Important in Healthcare?
Blowing the whistle on healthcare fraud protects patients and prevents the government health care programs (Medicare, Medicaid, FEHB, VA health, and TRICARE) from becoming insolvent. Whistleblowing can help to deter conduct whereby healthcare providers are influenced by improper financial considerations over providing patients the right care at the right time. Other conduct such as those identified here can put patients at risk of harm.
There is simply no reason why taxpayers should pay higher costs to line the pockets of fraudulent health care organizations or providers. Whistleblowers can also help government enforcement agencies to get rid of the bad apples in the health care industry, a goal the entire industry should be able to get behind. Reporting medical fraud allows patients to get the care they deserve and deter future misconduct of organizations and providers that attempt to take advantage of the system. Federally funded healthcare is in place to protect those who need and deserve a safety net for their care, including seniors (who will be all of us one day), U.S. military veterans, U.S. active duty military members and their families, lower-income Americans including children. Those who perpetrate healthcare fraud schemes take advantage of vulnerable populations and also reduce the pool of healthcare funds available for us all. Healthcare organizations and providers should not get to enrich themselves at the expense of patients and taxpayers.
What Is Qui Tam in Healthcare?
Qui tam is a provision of law that allows whistleblowers the opportunity to sue on behalf of the government and collect rewards. Whistleblowers are known as relators under the False Claims Act, which is the most powerful enforcement tool to recover misspent taxpayer funds. Qui tam suits in the healthcare space rest upon allegations involving healthcare organizations that submit or cause another organization to submit false claims to the government in order to wrongfully claim or keep funds under the Medicare, Medicaid, TRICARE, VA Health or FEHB programs. If you have information relating to Medicare Advantage fraud, health care kickback schemes, Stark violations, upcoding or billing for services not rendered, billing for unnecessary services, drug price-fixing or Medicaid best price or rebate violations, home health fraud, or any other kind of health care fraud committed by your employer or a competitor in your space, you may be able to become a qui tam relator and be eligible for a reward.
What Protections Do Healthcare Whistleblowers Receive?
If you report fraudulent practices such as these under the False Claims Act, you can receive protections if your employer retaliates or discriminates against you due to your disclosure. With a federal right of action, your qui tam attorney can sue on your behalf in order to receive:
Reinstatement at prior seniority level
Up to double back pay with interest
Front pay, in cases where reinstatement is not possible
Additional damages
Attorneys fees and costs
However, reporting as soon as possible is advisable in order to ensure that this statute applies. If you are fired before you are able to report fraud to the government, you may not only lose access to valuable information that can contribute to your claim, but you also may not be able to sue for FCA whistleblower protections.
Will Ling Chi Kill The Corporate Transparency Act?
Ling Chi was a slow and torturous method of execution practiced in Imperial China. Better known in English as “death by a thousand cuts”, ling chi took a terribly long time to kill the condemned prisoner.
The Corporate Transparency Act, or CTA, may also be killed by a thousand cuts. Since enactment, the CTA has been challenged in numerous courts around the country, bills have been introduced in Congress to delay implementation of the act, FinCEN has announced suspension of enforcement against U.S. citizens and domestic reporting companies. See Navigating the Changing Landscape of Corporate Transparency Act Compliance. Now, U.S. District Court Judge Robert J. Jonker has granted judgment:
(1) declaring the Reporting Requirements of the CTA a violation of the Fourth Amendment prohibition against unreasonable searches; (2) relieving Plaintiffs and their members of any obligation to comply with the Reporting Requirements of the CTA; and (3) permanently enjoining Defendants from enforcing any of the CTA’s Reporting Requirements against the plaintiffs and their members, and from using or disclosing any information already provided by the plaintiffs and their members under the Reporting Requirements.
Small Bus. Ass’n of Michigan v. Yellen, 2025 WL 704287 (W.D. Mich. Mar. 3, 2025). Judge Jonker’s comments on the Fourth Amendment are worth noting:
The Constitution generally, and the Bill of Rights in particular, are all about protecting citizens from the power of government. Governmental power has a natural tendency to expand and encroach on the freedom and privacy of citizens. That is true even when the government is pursuing goals—like crime investigation and prevention—that are worthy and important. The Fourth Amendment is one of the key limits on government power that protects the legitimate privacy interests of citizens from unreasonable government intrusion. In Orwell’s 1984, “Big Brother” had omnipresent telescreens everywhere—including every citizen’s living room—that made sure nothing beyond a smuggled, hand-written diary was truly private. The CTA doesn’t go that far, to be sure, but it’s a step in that direction. It compels citizens to disclose private information they are not required to disclose anywhere else just so the government can sit on a massive database to satisfy future law enforcement requests. It does so at a cost of billions of dollars to the citizens least likely to afford it. It amounts to an unreasonable search prohibited by the Fourth Amendment.
Unclaimed Property Laws and the Health Industry: Square Peg, Round Hole
Likely due to the tremendous number of healthcare mergers, acquisitions, and private equity deals that have been taking place, the industry has recently been the target of multistate unclaimed property audits. This increased scrutiny has highlighted many of the complexities and tensions that exist in this space. At almost every stage of the process, healthcare industry holders are pressured by state unclaimed property auditors and administrators to fit a square peg in a round hole – something both they and their advocates should continue to vigorously push back against.
Determining whether any “property” exists to report in the first instance can be a daunting task in an industry where multiple parties are involved in a single patient transaction that is documented by complex business arrangements between sophisticated parties, which are updated and accounted for on a rolling basis. Unclaimed property audits are conducted in a vacuum of one single holder and use standard document requests that were developed to apply to all businesses, creating unrealistic record retention and management expectations that almost never neatly align with healthcare industry laws or practices.
Making matters worse, unclaimed property auditors and voluntary disclosure agreement (VDA) administrators frequently do not have a detailed understanding of the complex healthcare privacy, billing, and payment practices, yet these practices materially impact how providers manage unclaimed property and when they report it. Getting them up to speed on these laws, practices, and procedures can be very time-consuming. For example, providers or their advisors may need to explain to auditors what HIPAA is or what prompt pay laws are. Many of the payments in this space are managed or funded by the US government, resulting in federal preemption of a state’s ability to demand at least some portion of the funds a review is likely to identify. And while some of the larger healthcare providers and payors have detailed records for more recent periods, the degree of detail requested by the auditors is frequently unreasonable (in both time and scope) and can result in sampling, extrapolation, and grossly overstated audit results.
This article explores some of the unclaimed property law tensions and legal risks that exist for healthcare providers of all sizes.
COMMON PROPERTY TYPES
Some common property types at risk of exposure in the healthcare industry include patient credit balances, accounts payable checks, payroll checks, refund checks, and voided checks. These risk areas can result in unclaimed credit balances for varying reasons, such as overpayment and payment of the same bill by multiple sources. Healthcare providers and insurance companies periodically engage in settlement audits to resolve open items. However, a healthcare provider may make adjustments and write-offs to accounts receivable arising from a settlement, thus creating tension with the statutory anti-limitation provisions of unclaimed property law.
FEDERAL PREEMPTION
Although all 50 states and the District of Columbia have enacted unclaimed property laws, federal laws may preempt their ability to exert jurisdiction and regulate certain (otherwise) unclaimed property. Federal preemption can often be raised as a defense in the healthcare industry where federal law robustly governs the space (such as Medicare) or conflicts with state unclaimed property laws. For example, these defenses can be raised when federal law either establishes or abrogates property rights, claim obligations, and periods of limitation.
PROMPT PAY STATUTES AND RECOUPMENT
Prompt pay statutes are generally designed to ensure that physicians and medical providers are recovering their payment claims with insurance providers in a timely manner. Most states contain laws that typically include (1) a period in which claims are required to be processed, (2) types of claims covered, and (3) penalties for failure to comply. The statutes’ deadlines for making payments typically range from 15 to 60 days, depending on the state. Moreover, recoupment provisions in many states provide that refunds of paid claims by insurers are barred after the expiration of a specific period of time from the date of payment. Under these provisions, insurers cannot avoid this requirement via their contracts with the provider. Individual state statutes will render different results related to the coordination of benefits for federally funded plans such that there is either no recoupment period or a longer one. The finer details of prompt pay and recoupment statutes are important for states and their auditors to understand and, if not properly accounted for in an audit or VDA, can lead to vastly overstated results.
BUSINESS-TO-BUSINESS EXEMPTION
Some states exempt business-to-business payments and/or credit due from unclaimed property reporting. The scope of these exemptions can vary widely and sometimes contain traps for the unwary, requiring careful review before they are broadly implemented into a provider’s reporting process. In many states, there are viable defenses to unclaimed property audit assessments seeking payor funds held by a provider.
REVENUE RECOGNITION BASED ON CONTRACT
Contractual allowance adjustments and accounts receivable credit reclasses in the contractual allowance account can give the appearance of unclaimed property if not resolved timely, accurately, and with the appropriate supporting documentation. Examples of accounts that can give rise to potential unclaimed property credits include expired or outdated contracts between a healthcare provider and insurance company, unaccounted contract revisions or adjustments, and others that are unique to the healthcare industry to account for the complex flow of funds between patient, provider, and payor.
M&A DEALS
Unclaimed property results can vary significantly based on the terms and type of deal. It is best practice for unclaimed property counsel to be involved in healthcare deals to ensure any potential unclaimed property is accounted for. The typical failure to maintain records in a searchable manner post-acquisition may result in either (1) false positives during the next audit in an address review or (2) a windfall for the state of formation if an estimation is performed. Reviewing key provisions in the agreement when conducting a deal can identify complications that may arise and ensure the parties proactively account for any risk and maintain the records needed.
False Claims Acts
Many state False Claims Acts (FCAs) permit a private party (a relator) with knowledge of past or present underpayments to the government to bring a sealed lawsuit on its behalf. When these suits are successful, the relators receive 15% to 30% of any judgment or settlement recovered, which includes treble damages of the alleged unclaimed property liability and interest, per occurrence penalties, and even costs and attorneys’ fees.
In California ex rel. Nguyen v. U.S. Healthworks, Inc., the plaintiff brought a suit alleging that the failure to report credits as potential overpayments violated California unclaimed property law and the state FCA. The California attorney general filed an unclaimed property complaint in intervention against the healthcare provider, identifying the ongoing failure to comply with state unclaimed property law as a key factor in the attorney general’s decision to pursue the case under California’s FCA before agreeing to settle for $7.7 million in 2023.
Other states, including New York, are actively involved in aggressively enforcing their unclaimed property laws as punitively as possible through state FCAs. The U.S. Healthworks case is a cautionary tale for healthcare providers that have not robustly analyzed their unclaimed property law compliance practices.