Amended Illinois Whistleblower Act Increases Protections for Internal Reports
Newly effective amendments to the Illinois Whistleblower Act (“IWA”) provide greatly enhanced protections and remedies to Illinois employees who report unlawful conduct by their employers. The IWA protects both private and government employees who report information that they believe violates the law, or who refuse to participate in an activity that they believe violates the law.[1] However, until January 1, 2025, the IWA required that employees report the alleged misconduct to an external government body. As revised, the IWA now protects internal whistleblower reports as well. The IWA amendments also create a more employee-friendly standard for demonstrating that the whistleblower believed that unlawful conduct was occurring and expand the remedies available for violations of the statute. Taken together, the changes detailed below bring Illinois law in line with some of the broadest federal and state-level whistleblower protections, including the Sarbanes-Oxley Act of 2022 (“SOX”) and the Consumer Financial Protection Act (“CFPA”), both of which apply to disclosures made internally to the employer. Illinois also now mirrors several states that similarly provide whistleblower protection for internal disclosures, including New York, Minnesota, New Jersey, Virginia, and California.
Protecting Internal Disclosures
Prior to the amendment, which Governor JB Pritzker approved on August 9, 2024, an employee’s report of suspected misconduct to a supervisor was insufficient to gain protection under the IWA because whistleblowers had to report to external government authorities. For example, in 2020, an Illinois district court in Beasley v. City of Granite City held the IWA did not apply to a city police dispatcher’s internal report.[2] In that case, the dispatcher suffered retaliation by her captain after she helped her supervising lieutenant bring his own case against the captain. The court held that the dispatcher failed to state a claim under the IWA because she disclosed the retaliation only to the supervising lieutenant instead of “to a court, in any other proceeding, or to a government or law enforcement agency.”[3] Although the dispatcher attempted to publicly disclose the wrongdoing via the lieutenant’s court proceeding against the captain, the court rejected such indirect reporting as insufficient under the IWA.[4]
Now, as of January 1, 2025, whistleblowers in Illinois will be protected for making internal disclosures.[5] Under the amended law, employers are prohibited from taking “retaliatory action” against an employee for disclosing or threatening to disclose information about the employer to any supervisor, principal officer, board member, or supervisor.[6] Importantly, “retaliatory action” includes an actual or threatened adverse employment action that would dissuade a reasonable worker from coming forward, or “any non-employment action that would dissuade a reasonable worker from disclosing information[.]” Adverse actions include, but are not limited to, firing, demotion, wage reduction, denying promotions, discipline, and threats. Retaliatory actions include, but are not limited to, the actual or threatened intentional interference with the ability to obtain future or former employment, and actual or threatened action related to interference with one’s immigration status.[7]
More Whistleblower-Friendly “Good Faith” Standard for Protected Activity
In addition to the protection for internal disclosures, the amended IWA also modifies the standard for whistleblower knowledge from requiring a “reasonable cause” to believe that the employer violated the law, to a “good faith” belief that the employer violated the law or posed a danger to the public. Although Illinois courts have not yet had an opportunity to define the “good faith belief” requirement, it may be easier for employees to bring a whistleblower claim as compared to SOX, which only covers employees who have a “reasonable belief” based on both an employee’s subjective and objective beliefs. Generally, good faith is considered to refer to honest dealing or a legitimate intent behind a person’s actions. For example, Illinois defines “good faith” in an unrelated statute as “honestly in fact in the conduct of the transaction.”[8] If the reporting employee must only show that they had an honest belief that their employer’s conduct violated law or policy or was a threat to public health or safety, employees may have an easier time meeting their initial burden.
Broader Remedies
Finally, the amended IWA increases the scope of potential penalties available against violating entities. The IWA now contains a criminal misdemeanor penalty and additional civil penalties including permanent or preliminary injunctive relief, back pay with interest, front pay, liquidated damages up to $10,000, compensation for litigation costs, and a civil penalty of $10,000 payable to the employee.[9] In addition to the private right of action, the amendment also allows for enforcement by the Attorney General.[10]
Put together, these amendments to the IWA greatly increase the range of protections for whistleblowers who report misconduct internally within their employer. Under the new statutory scheme, the police dispatcher in Beasley would have likely survived dismissal because she experienced retaliation in the form of threats, denial of comp time, and suspension after she reported misconduct within the organization to her supervisor. The amended IWA will provide employees in Illinois with the important opportunity to take advantage of whistleblower protections at the state level.
***
[1] See 740 ILCS § 174/15; see also Whistleblower Retaliation, available at https://katzbanks.com/practice-areas/whistleblower-law/.
[2] Beasley v. City of Granite City, 442 F. Supp. 3d 1066, 1072-73 (S.D. Ill. 2020).
[3] Id. at 1073.
[4] Id. at 1074.
[5] The new rules under the IWA only apply proactively.
[6] 740 ILCS § 174/15(c).
[7] 740 ILCS § 174/5.
[8] Ill. Admin. Code tit. 38, § 1050.1250.
[9] 740 ILCS § 174/25, 30.
[10] 740 ILCS § 174/31.
Renewed Prohibition on Use of Sub-Regulatory Guidance – Key to False Claims Act Cases
“It’s déjà vu all over again.”[1] Attorney General Pam Bondi has not surprisingly renewed the prior Trump administration’s prohibition on the use of sub-regulatory guidance, potentially altering the landscape for False Claims Act cases pursued during the second Trump administration.
This development is the latest in a series of efforts to allow reliance on government guidance — or not. To catch everyone up:
On February 5, 2025, Bondi issued a memorandum, titled “Reinstating the Prohibition on Improper Guidance Documents” (the “Bondi Memo”).
The Bondi Memo expressly withdrew prior Attorney General Merrick Garland’s own July 1, 2021, memorandum, titled “Issuance and Use of Guidance Documents by the Department of Justice” (the “Garland Memo”).
The Bondi Memo also tacitly revived prior Attorney General Jeff Sessions’ November 2017 memorandum, titled “Prohibition on Improper Guidance Documents” (the “Sessions Memo”), and a January 2018 memorandum from Associate Attorney General Rachel Brand, titled “Limiting Use of Agency Guidance Documents in Affirmative Civil Enforcement Cases” (the “Brand Memo”).[2]
In this latest Bondi Memo, the DOJ states, “[g]uidance documents” that have not undergone “the rule making process established by law yet purport to have a direct effect on the rights and obligations of private parties” are not lawful regulatory authority. This rescission is to “restore the Department to the lawful use of regulatory authority” and advance DOJ’s “compliance with its mission and duty to uphold the law.” Accordingly, DOJ attorneys likely will not be permitted to rely on agency guidance to establish a violation of law or a false statement in a False Claims Act case.
DOJ’s reliance on agency guidance already was in doubt after the Supreme Court’s 2024 decision in Loper Bright, which reworked how courts should view agency guidance. The Garland Memo had asserted that DOJ attorneys “may rely on relevant guidance documents . . . including when a guidance document may be entitled to deference or otherwise carry persuasive weight with respect to the meaning of applicable legal requirements.” Loper Bright, however, made clear that agencies are not entitled to deference unless deference is expressly provided for by statute. And even prior to Loper Bright, the Supreme Court, in Kisor v. Wilkie, confirmed agency guidance “never forms the basis for an enforcement action” because such documents cannot “impose any legal binding requirements on private parties.” 588 U.S. 558, 584 (2019) (internal citations omitted). The Bondi Memo is yet another attack on what may be considered agency overreach.
Because the Garland Memo itself rescinded two memoranda from the previous Trump administration DOJ officials, these prior Sessions and Brand memoranda tacitly are restored by the rescission of the Garland Memo. Both memoranda restricted DOJ’s use of sub-regulatory guidance and prevented DOJ from using guidance documents to “determine compliance with existing regulatory and statutory requirements.” See Sessions Memo & Brand Memo (prohibiting use of “noncompliance with guidance documents as a basis for proving violations of applicable law.”)
What presently is murky is whether DOJ still may use guidance documents to establish scienter. The Brand Memo had provided that “some guidance documents simply explain or paraphrase legal mandates from existing statutes or regulations, and the Department may use evidence that a party read such a guidance document to help prove that the party had the requisite knowledge of the mandate.” It has been a longstanding DOJ practice to use guidance documents to show scienter, and the practice was permitted under the first Trump administration and the perhaps now-restored Brand Memo. The Bondi Memo does not directly address the use of agency guidance to show scienter, nor does it announce any new policy. However, more guidance is coming: The Bondi Memo directs the associate attorney general to prepare a report within 30 days “concerning strategies and measures that can be utilized to eliminate the illegal or improper use of guidance documents.”
What to Expect
This restriction on the use of guidance documents to bring FCA and other cases — in conjunction with Loper Bright — prevents DOJ attorneys from basing claims against recipients of government funding based on potential legal violations derived from or supposedly clarified in agency guidance. However, we anticipate DOJ likely will still use guidance documents in efforts to establish scienter. The forthcoming Associate Attorney General report may shed more light on DOJ’s plans in this area.
[1] Baseball lore includes the story that Yogi Berra said this after Mickey Mantle and Roger Maris hit back-to-back homeruns in 1961, as they were chasing Babe Ruth’s homerun record.
[2] Foley’s previous analysis of the Brand Memorandum and its impact on the health care landscape is located here: DOJ Memoranda Ushering in New Era for Health Care Enforcement.
Bipartisan Support For A CTA Pause And Livy Explains The Inequity Of Student Loan Forgiveness
As the courts wrestle with various challenges to the Corporate Transparency Act, Congress is also taking an interest. Last week, the House of Representatives passed H.R. 736 which would allow companies formed or registered before January 1, 2024, to submit beneficial ownership information to FinCEN by January 1, 2026, instead of by January 1, 2025, as required under the current statute. The bill passed the House with overwhelming bipartisan support by a vote of 408 to zero. The next day, Senator Tim Scott introduced a companion bill in the Senate, S. 505.
A Two Thousand Year Old Explanation For Why Student Loan Forgiveness Is Inequitable
I have just finished reading books 1-5 of Ab Urbe Condita (From the Founding of the City) by the Roman historian Titus Livius (aka Livy) who lived and wrote in the first century B.C.E. This famous work retells the history of Rome from its founding until 9 B.C.E. in 142 books, only a portion of which survive completely. One of the great pleasures of reading the ancients is the realization that as Qoheleth observed long ago “The thing that hath been, it is that which shall be; and that which is done is that which shall be done: and there is no new thing under the sun”. Ecclesiastes 1:9.
In the early days of the Roman republic, citizens were expected to serve in the military at their own expense. In 406 B.C.E., however, the Roman Senate decided to curry the favor of plebeians by paying soldiers out of the public treasury:
decerneret senatus, ut stipendium miles de publico acciperet, cum ante id tempus de suo quisque functus eo munere esset (the senate resolved that a soldier should receive a stipend from the public treasury, when before that time whoever served did so at his own expense).
Many of the plebeians thought this a great boon since, according to Livy, their property would not be diminished whilst they served in Rome’s numerous wars. Their elected Tribunes, however, discerned otherwise. First, they asked:
unde enim eam pecuniam confici posse nisi tributo populo indicto? (where will the state be able to get the money except by levy on the people (i.e., taxes)?)
Thus, it was understood, at least by some, two thousand years ago that governments do not create wealth. Rather, governments take wealth from the many and redistribute to a chosen few.
But redistribution was not the only problem. The proposal was fundamentally inequitable:
neque id, etiamsi ceteri ferant, passuros eos, quibus iam emerita stipendia essent, meliore condicione alios militare, quam ipsi militassent, et eosdem in sua stipendia inpensas fecisse et in aliorum facere (Even if others should suffer it, those who had earned their discharge by service would not endure that others should serve on better terms than themselves – to have paid their own expenses and to pay the expenses of others).
In other words, some citizens were being forced to pay twice – once for themselves and then again for others.
New Administration Establishes International Criminal Court-Related Sanctions
On Feb. 6, 2025, President Trump issued an executive order (EO) establishing International Criminal Court (ICC)-related sanctions. The EO characterized the ICC as “ha[ving] engaged in illegitimate and baseless actions targeting America and our close ally Israel.”
The EO imposes sanctions on persons listed in its annex, which currently includes Karim Khan, prosecutor of the ICC since 2021. The EO also authorizes sanctions on any foreign person determined by the U.S. State Department to, e.g., have directly engaged in any effort by the ICC to investigate, arrest, detain, or prosecute a protected person without consent of that person’s country of nationality or to have provided material assistance or support for such activities or persons sanctioned under the EO. As a result of these sanctions, U.S. persons generally may not engage in any unlicensed transactions with Khan, and his property in the U.S. is blocked (i.e., frozen). The sanctions also impose travel-related restrictions. These prohibitions would also extend to anyone else sanctioned under this authority.
These new ICC-related sanctions represent one of several actions President Trump has taken under the International Emergency Economic Powers Act (IEEPA), which provides the president with broad authority to regulate international transactions in response to a declared “national emergency.” IEEPA has previously been used to target China, Canada, and Mexico.
U.S. and international businesses must carefully monitor the Trump Administration’s use of IEEPA to regulate international trade. Prohibitions established under IEEPA can take effect immediately, and non-compliance can lead to significant penalties.
Criminal Charges Lodged Against Alleged Phobos Ransomware Affiliates
Unfortunately, I’ve had unpleasant dealings with the Phobos ransomware group. My interactions with Phobos have been fodder for a good story when I educate client employees on recent cyber-attacks to prevent them from becoming victims. The story highlights how these ransomware groups, including Phobos, are sophisticated criminal organizations with managerial hierarchy. They use common slang in their communications and have to get “authority” to negotiate a ransom. It’s a strange world.
Because of my unpleasant dealings with Phobos, I was particularly pleased to see that the Department of Justice (DOJ) recently announced the arrest and extradition of Russian national Evgenii Ptitsyn on charges that he administered the Phobos ransomware variant.
This week, the DOJ unsealed charges against two more Russian nationals, Roman Berezhnoy and Egor Nikolaevich Glebov, who “operated a cybercrime group using the Phobos ransomware that victimized more than 1,000 public and private entities in the United States and around the world and received over $16 million in ransom payments.” They were arrested “as part of a coordinated international disruption of their organization, which includes additional arrests and the technical disruption of the group’s computer infrastructure.” I’m thrilled about this win. People always ask me whether these cyber criminals get caught. Yes, they do. This is proof of how important the Federal Bureau of Investigation (FBI) is in assisting with international cybercrime, and how effective its partnership with international law enforcement is in catching these pernicious criminals. This is why I firmly believe that we must continue to share information with the FBI to assist with investigations, and why the FBI must be allowed to continue its important work to protect U.S. businesses from cybercrime.
Business Impacts of Trump’s Executive Order Pausing FCPA Enforcement
On February 10, President Trump issued an Executive Order, Pausing Foreign Corrupt Practices Act Enforcement to Further American Economic and National Security, signaling a shift in U.S. enforcement priorities regarding foreign bribery. The directive places a temporary halt on investigations or enforcement actions related to the Foreign Corrupt Practices Act (FCPA) for a period of 180 days and orders a review of ongoing FCPA investigations.
Key Provisions of the Executive Order
The Executive Order mandates several important actions by U.S. Attorney General Pam Bondi, including:
Ceasing new FCPA investigations and enforcement actions: For the next 180 days, the Attorney General is required to refrain from initiating any new investigations or actions related to the FCPA.
Review of existing FCPA cases: The Attorney General must conduct a detailed review of all ongoing FCPA investigations and enforcement actions. This review will determine the appropriate course of action to ensure that FCPA enforcement stays within the administration’s priorities.
Issuing updated guidelines or policies: The Attorney General is tasked with issuing revised guidelines or policies concerning FCPA enforcement during this review period.
Approval for continued cases: Any FCPA investigations or enforcement actions that continue or are commenced after the new guidelines or policies are issued will require specific authorization from the Attorney General.
Potential extension: The review period may be extended by an additional 180 days at the Attorney General’s discretion.
The Executive Order also follows a memorandum issued by Bondi on February 5, 2025, which stated that the DOJ would prioritize cases relating to transnational criminal organizations and cartels. This necessarily means a much narrower focus for FCPA enforcement, which had been prioritized more broadly under prior administrations. Specifically, the Total Elimination of Cartels and Transnational Criminal Organizations Memorandum states that the FCPA unit should prioritize investigations involving foreign bribery that facilitates the operations of cartels and transnational criminal organizations, shifting away from cases without such connections.
What Does This Mean for Companies?
For businesses, this Executive Order has several implications. Keeping in mind that these developments are still unfolding, here is how we expect the situation to impact corporate clients:
A major shift in DOJ corporate enforcement: The pause in FCPA enforcement signals a significant decrease in the Department of Justice’s corporate enforcement activities, including FCPA investigations. While this might lead to a reduction in the number of FCPA cases in the near term, it is important to note that enforcement priorities remain in flux.
Anti-Bribery compliance advice remains unchanged for now: Companies should continue to maintain robust anti-corruption policies and internal controls to mitigate the risk of non-compliance with anti-bribery laws.
The FCPA is a criminal law that remains on the books: The FCPA remains the law of the land and violations are federal crimes. Enforcement priorities may shift, but businesses should not assume that the risks associated with FCPA violations have dissipated. The statute of limitations for the FCPA is five years, with the possibility of extension in cross-border cases through mutual legal assistance treaties, meaning future administrations could still pursue FCPA cases for actions taken during this period.
The SEC’s and CFTC’s role in FCPA enforcement: While the DOJ may slow down its FCPA enforcement, the U.S. Securities and Exchange Commission (SEC) retains jurisdiction over FCPA cases for public companies. As an independent agency, the SEC has not yet indicated any plans to ease its approach to FCPA enforcement. Moreover, the SEC can pursue bribery cases without relying solely on the FCPA framework, further complicating the enforcement landscape for businesses. In addition, the U.S. Commodity Futures Trading Commission (CFTC) has in more recent years taken the view that it may bring enforcement actions in cases involving foreign corrupt practices under Commodity Exchange Act provisions.
International anti-bribery laws still apply: Many other countries have their own anti-corruption laws, such as the UK Bribery Act. With the United States potentially scaling back its FCPA enforcement, there may be a rise in international enforcement actions to fill the gap. Furthermore, companies are increasingly adopting a global perspective on anti-corruption, extending their policies to cover not only the FCPA but also other anti-bribery measures, such as kickbacks and commercial bribery. As a result, businesses should remain vigilant in their anti-corruption efforts, as a broad range of laws could still impact their operations.
Reputation and public perception matter: Bribery and corruption scandals can damage a company’s reputation, even if those incidents occur outside the scope of FCPA violations. Companies should be cautious about relaxing their anti-corruption compliance measures, as the public’s increasing sensitivity to corruption-related issues can lead to negative publicity, regardless of the jurisdiction or legal framework involved.
Looking Ahead
The enforcement landscape for anti-corruption laws in the United States is evolving rapidly. Although the pause in FCPA enforcement may offer a temporary respite for companies, the full implications of these changes are yet to be seen. It is crucial for businesses to stay informed as the situation develops and to continue to maintain anticorruption compliance measures and internal controls that implement anticorruption best practices.
If your company is navigating these changes or has concerns about its compliance practices, consulting with someone experienced in anti-corruption law can provide valuable guidance. Stay tuned for further updates on this significant shift in U.S. enforcement policy.
What Federal Contractors and Grant Recipients Need To Know About EO 14173’s Certification and Non-Discrimination Requirements Concerns
Executive Order (EO) 14173 “Ending Illegal Discrimination and Restoring Merit-Based Opportunity” creates new obligations that could carry significant risks for any organization doing business with the United States federal government. Federal contractors, subcontractors and recipients of federal grant money are or will soon be subject to potential liability under the False Claims Act (FCA).
Quick Hits
EO 14173 is raising potential compliance concerns for organizations doing business with the federal government under the FCA, subject to civil and criminal penalties.
Organizations doing business with the federal government now have obligations to certify that they do not operate any programs promoting diversity, equity and inclusion that violate any applicable Federal anti-discrimination laws.
These same organizations also must agree, in any federal contract, subcontract, or grant, to comply with all federal nondiscrimination laws, and the EO makes that certification a “material” term for purposes of the FCA.
Organizations doing business with the federal government may want to consider steps to take to minimize compliance risks under the FCA, which can open the door to civil and criminal exposure.
EO 14173, which was signed on January 21, 2025, and other executive actions have raised questions for employers doing business with the federal government as to what programs the government may target and whether efforts to maintain compliance with still-existing federal civil rights and antidiscrimination laws could pull them within federal regulators’ crosshairs. Notably, EO 14173 appears to implicate potential civil or criminal liability for private companies and federal contractors under the FCA, one of the government’s primary tools for combating fraud against the federal government.
The FCA imposes liability on individuals or companies that defraud the federal government by making materially false or fraudulent statements to influence the government to pay out. Those statements must be material to the government’s decision to make the payment. It also includes a “qui tam” provision that allows private individuals, known as “relators” or “whistleblowers,” to file lawsuits on behalf of the government and potentially receive a portion of any recovered damages.
The U.S. Department of Justice (DOJ) has said it collected more than $2.9 billion in settlements and judgments in all fraud claims brought under the FCA in the last fiscal year ending on September 30, 2024, with more than $2.4 billion stemming from qui tam suits.
Specifically, EO 14173 states that agency heads must “include in every contract or grant award: A term requiring the contractual counterparty or grant recipient to agree that its compliance in all respects with all applicable Federal anti-discrimination laws is material to the government’s payment decisions for purposes” of the FCA.
That language requires organizations doing business with the government to certify that they do not have any DEI programs that are unlawful under federal antidiscrimination laws and seeks to make such a certification a material term for purposes of the FCA. Of particular concern is that such claims under the FCA could come not only from the government but also from individuals inside and outside of the organization in qui tam suits.
Next Steps
These actions put employers doing business with the federal government on notice that the new administration is empowering interested individuals, such as applicants, employees, and others to join or possibly replace traditional federal employment agencies, such as the Equal Employment Opportunity Commission (EEOC) and the Office of Federal Contract Compliance Programs (OFCCP), as watchdogs on compliance obligations.
Employers may want to review or audit all their existing DEI or Diversity, Equity, Inclusion, and Accessibility (DEIA) programs or initiatives and to determine if they align with lawful practices under applicable federal anti-discrimination laws.
Employers doing business with the federal government may also want to consider options to create active, robust, and ongoing compliance programs to assist with this new obligation and certification under the FCA. Employers may consider thorough analysis protected by the attorney-client privilege as part of these compliance programs.
AML/BSA Audits: Answers to Frequently Asked Questions (FAQs)
Conducting periodic audits is essential for effectively managing anti-money laundering and Bank Secrecy Act (AML/BSA) compliance. Auditing AML/BSA compliance allows financial institutions, including foreign banks, to assess the efficacy of their compliance programs—and to make updates to their compliance programs when necessary.
By conducting AML/BSA audits, financial institutions can also demonstrate the efficacy of their compliance programs to the Federal Financial Institutions Examination Council (FFIEC) when necessary. FFIEC examinations can present substantial risks, so it is imperative for financial institutions to ensure that they are as prepared as possible.
“Financial institutions need to prioritize effective AML/BSA compliance management. A key step toward effectively managing compliance is to gain a clear understanding of the efficacy of a financial institution’s compliance program. Not only are financial institutions federally required to conduct periodic AML/BSA audits, but periodic auditing also provides critical insight into whether a financial institution’s compliance policies, procedures, and protocols are functioning as intended.” – Dr. Nick Oberheiden, Founding Attorney of Oberheiden P.C.
With this in mind, what do financial institution executives and directors need to know about conducting AML/BSA audits? Here are the answers to some important FAQs:
Are Financial Institutions Required to Conduct AML/BSA Audits?
Federal regulations require financial institutions to conduct audits (or “independent testing”) as part of their efforts to ensure anti-money laundering and Bank Secrecy Act (AML/BSA) compliance. However, this is as far as the regulations go. As a result, as the FFIEC makes clear, a financial institution’s auditing program, “should be commensurate with the [money laundering/terrorist financing (ML/TF)] and other illicit financial activity risk profile of the bank and the bank’s overall risk management strategy.”
In other words, while AML/BSA auditing and risk assessment is mandatory, the federal regulations leave it up to financial institutions to determine what specific auditing measures are necessary. An informed and custom-tailored approach is critical, and financial institutions should work with their outside counsel to develop an auditing strategy that allows them to manage AML/BSA compliance with confidence.
How Often Are Financial Institutions Required to Conduct AML/BSA Audits?
Just as the federal regulations do not establish substantive requirements for AML/BSA audits, they also do not establish a mandatory frequency. With that said, the FFIEC advises that financial institutions, “may conduct independent testing over periodic intervals (for example, every 12-18 months) and/or when there are significant changes in the bank’s risk profile, systems, compliance staff, or processes.”
As a general rule, financial institutions will want to conduct regularly scheduled audits as a matter of course so that they can maintain a clear understanding of the health of their AML/BSA compliance programs on an ongoing basis—and, for most, this will involve adopting an annual schedule. However, financial institutions must also make informed decisions about when additional mid-cycle audits are necessary.
Can (and Should) Financial Institutions Use Internal Personnel to Audit AML/BSA Compliance?
The FFIEC advises that financial institutions which, “do not employ outside auditors or consultants or do not have internal audit departments may . . . us[e] qualified bank staff who are not involved in the function being tested.” However, while it is permissible to use internal personnel in appropriate cases, financial institution leaders must make an informed and strategic decision about whether this is truly the best approach. If a financial institution does not have internal personnel who devote time to remaining up-to-date on AML/BSA compliance (and who also are not directly involved in the institution’s AML/BSA compliance efforts), then engaging outside counsel will be necessary.
How Can Financial Institutions Document the “Independence” of their AML/BSA Auditors?
Independence is critical when conducting an AML/BSA audit. In fact, rather than stating that financial institutions must conduct internal audits, the federal anti-money laundering regulations state that financial institutions must conduct “independent testing.” Further elaborating on what we just discussed, the FFIEC advises that the internal auditor involved in conducting an AML/BSA audit should “not [be] involved with the function being tested or other BSA-related functions at the bank that may present a conflict of interest or lack of independence.”
When engaging outside counsel to conduct an AML/BSA audit, the act of engaging outside counsel itself will generally be enough to satisfy any potential concerns about independence (though the scope of outside counsel’s engagement should still be clearly defined). When using internal personnel, additional steps will be necessary to demonstrate that these personnel have subject matter expertise, are unbiased and do not have a personal interest in the outcome of the audit process.
How Can Financial Institutions Document Their Compliance with the AML/BSA “Independent Testing” Requirement?
Documenting compliance with the AML/BSA “independent testing” requirement involves thoroughly documenting the entire audit process as well as its findings and any subsequent remedial action. Another benefit of engaging outside counsel is that it allows this documentation to be protected under the attorney-client privilege. In any case, comprehensiveness is key, as any gaps in a financial institution’s audit documentation will raise questions about why those gaps exist. If there isn’t a clear answer, FFIEC examiners will have little choice but to err on the side of assuming noncompliance.
What Compliance-Related Concerns Should an AML/BSA Audit Examine?
AML/BSA audits must be both comprehensive and custom-tailored. In the words of the FFIEC, “Independent testing of specific BSA requirements should be risk-based and evaluate the quality of risk management related to ML/TF and other illicit financial activity risks for significant banking operations across the organization. . . . Risk-based independent testing programs vary depending on the bank’s size or complexity, organizational structure, scope of activities, risk profile, quality of control functions, geographic diversity, and use of technology.”
In brief, AML/BSA audits should focus on a financial institution’s specific risks—and they should examine these risks from all relevant perspectives. The types of issues that will typically need to be addressed during the AML/BSA auditing process and transaction testing include:
Monitoring systems for potentially suspicious activity, including filtering criteria and alerts
Processes for generating, reviewing, filing, and submitting Suspicious Activity Reports (SARs)
Processes for generating, reviewing, and filing Currency Transaction Reports (CTRs)
“Know your customer” compliance, including customer identification program (CIP) and customer due diligence (CDD) policies and procedures
Adherence to other anti-money laundering recordkeeping requirements
Again, these are just broad examples. When preparing to conduct an AML/BSA audit, determining not only the scope of the audit, but also how the audit will be conducted, is essential. Following a systematic approach that is focused on a financial institution’s specific compliance obligations and risks is the only practical way to effectively assess compliance consistently on an ongoing basis.
What Should Financial Institutions Do if They Discover Compliance Failures During an AML/BSA Audit?
This is not an uncommon scenario. When financial institutions uncover compliance failures during an AML/BSA audit, the key is to address these failures as efficiently as possible. The specific remedial measures that are necessary will depend on the specific circumstances involved—and this, too, requires informed decision-making. Crucially, during the financial institution’s next AML/BSA audit, assessing the efficacy of these remedial measures should be a top priority.
What Types of Issues Are Likely to Trigger Scrutiny from the FFIEC?
Issues in any of the areas listed above have the potential to trigger scrutiny from the FFIEC. However, this list is far from exclusive. The FFIEC’s examiners exhaustively assess not only the efficacy of financial institutions’ compliance programs, but also the efficacy (and independence) of their auditing processes and procedures.
How Can Financial Institutions Mitigate Their Risk of Facing FFIEC Scrutiny?
In light of everything we have discussed thus far, financial institutions can mitigate their risk of facing FFIEC scrutiny by taking a comprehensive and proactive approach to both managing and monitoring AML/BSA compliance. If financial institutions have documentation on-hand that clearly demonstrates good-faith efforts to comply with all pertinent laws and regulations, they are both far less likely to face intensive FFIEC scrutiny and far less likely to face serious consequences in the event of an FFIEC examination.
What Should You Do if the FFIEC Opens an Examination of Your Financial Institution’s AML/BSA Compliance Efforts?
Of course, even if a financial institution is fully federally compliant, this won’t necessarily stop the FFIEC from scrutinizing its AML/BSA compliance program. If the FFIEC opens an examination of your financial institution’s AML/BSA compliance efforts, you will want to engage your institution’s outside counsel promptly.
What Are the Risks of Failing to Effectively Manage AML/BSA Compliance for Financial Institutions?
If FFIEC examiners identify flaws or oversights in a financial institution’s AML/BSA compliance program or its auditing procedures, the consequences can be significant. The Bank Secrecy Act imposes substantial penalties for violations. These include not only regulatory and civil penalties, but even criminal penalties in some cases.
Do Financial Institutions Need to Engage Outside Counsel to Conduct Their AML/BSA Audits?
With all of this in mind, do financial institutions need to engage outside counsel to conduct their AML/BSA audits? While the federal anti-money laundering regulations do not strictly require financial institutions to engage outside counsel to conduct their independent testing, doing so is strongly recommended for all of the various reasons discussed above. Working with experienced outside counsel allows financial institutions to both confidently manage AML/BSA compliance on an ongoing basis and confidently interface with the FFIEC when necessary.
Trump Pauses FCPA Enforcement and Resets Priorities
On February 10, 2025, President Donald Trump issued an executive order titled, “Pausing Foreign Corrupt Practices Act Enforcement to Further American Economic and National Security” (“FCPA EO”) that directs the Department of Justice (“DOJ”) to pause enforcement of the Foreign Corrupt Practices Act (15 U.S.C. 78dd-1 et seq.) (“FCPA”) for 180 days until new Attorney General (“AG”) Pam Bondi issues new FCPA guidelines and policies on enforcement. The FCPA EO seeks to eliminate “excessive barriers to American commerce abroad,” states that current FCPA enforcement has been “stretched beyond proper bounds and abused in a manner that harms the interests of the United States,” and states that “overexpansive and unpredictable FCPA enforcement against American citizens and businesses . . . actively harms American economic competitiveness and, therefore, national security.”
For the uninitiated, the FCPA is a criminal statute enacted in 1977, which the DOJ and U.S. Securities & Exchange Commission (“SEC”) have employed to impose over $31 billion in penalties over the last 48 years, as well as secure scores of criminal convictions. During the Biden Administration alone, the DOJ and SEC imposed total penalties over $4 billion under the FCPA, so the fact that President Trump just stopped the DOJ from enforcing the FCPA with a stroke of a pen was a change in the enforcement landscape to say the least.
Trump’s FCPA EO follows a wave of fourteen memoranda issued by AG Bondi last week, aimed at overhauling the DOJ’s enforcement priorities. As part of her first day directives, AG Bondi issued a memorandum titled, “Total Elimination of Cartels and Transnational Criminal Organizations,” (“Total Elimination Memo”) which outlines the DOJ’s “fundamental change in mindset and approach” with the goal of the “total elimination” of Cartels and Transnational Criminal Organizations (“TCOs”).[1] The Total Elimination Memo immediately ends the kleptocracy task forces and shifts the DOJ’s enforcement priority to Cartels and TCOs, including redirecting the DOJ’s FCPA Unit and Money Laundering and Asset Recovery Section (“MLARS”) to prioritize cases involving Cartels and TCOs.
Key Takeaways from the FCPA EO and Total Elimination Memo
The FCPA still remains a valid statute, even though the DOJ is pausing criminal enforcement of it for at least 180 days.
The FCPA’s statute of limitations is 5 years, and the EO does not provide violators any legal defense.
It is unclear if the SEC will follow the DOJ’s lead or continue to enforce the civil provisions of the FCPA against US issuers.
Private lawsuits with an FCPA nexus (typically shareholder suits) are not impacted.
The overall risk of FCPA criminal enforcement under the new Trump Administration just decreased significantly. The many pundits who opined that FCPA enforcement would continue unabated in 2025 were wrong.
After AG Bondi issues the new FCPA guidelines, companies should review and revise their compliance programs to comport with the new DOJ guidance.
Given Trump’s stated view that the FCPA “actively harms American economic competitiveness,” the door may be open for a “Trump discount” on penalties, and companies should seriously consider whether to attempt to resolve any potential FCPA liabilities during the current administration once the new guidelines are issued.
Detailed summaries of the FCPA EO and Total Elimination Memo are below.
FCPA EO
The FCPA EO specifically orders the following:
For a period of 180 days following the date of this order, the Attorney General shall review guidelines and policies governing investigations and enforcement actions under the FCPA. During the review period, the Attorney General shall:
cease initiation of any new FCPA investigations or enforcement actions, unless the Attorney General determines that an individual exception should be made;
review in detail all existing FCPA investigations or enforcement actions and take appropriate action with respect to such matters to restore proper bounds on FCPA enforcement and preserve Presidential foreign policy prerogatives; and
issue updated guidelines or policies, as appropriate, to adequately promote the President’s Article II authority to conduct foreign affairs and prioritize American interests, American economic competitiveness with respect to other nations, and the efficient use of Federal law enforcement resources.
Further, the FCPA EO provides that the AG may extend the review period for an additional 180 days and that any FCPA investigations and enforcement actions initiated or continued after the revised guidelines or policies are issued under subsection (a) must be governed by such guidelines or policies and specifically authorized by the AG. The FCPA EO mandates that after the revised guidelines or policies are issued, the AG must determine “whether additional actions, including remedial measures with respect to inappropriate past FCPA investigations and enforcement actions, are warranted and shall take any such appropriate actions or, if Presidential action is required, recommend such actions to the President.”
Total Elimination Memo
AG Bondi mandates that for a period of 90 days—to be renewed or made permanent thereafter—the FCPA Unit must prioritize investigations related to foreign bribery that facilitates criminal operations of Cartels and TCOs (e.g., bribery of foreign officials to facilitate trafficking of narcotics and firearms) and “shift focus away from investigations and cases that do not involve such a connection.” The memorandum also suspends the FCPA Unit’s exclusive requirement to authorize, prosecute, and try these bribery FCPA cases and opens the door for U.S. Attorney’s Offices (“USAOs”) nationwide to bring such cases. USAOs need only to provide the FCPA Unit with a “24-hours’ advance notice of the intention to seek charges” and provide any existing memoranda to the FCPA Unit in advance of seeking charges.
Similarly, under the same 90-day constraint, AG Bondi directed MLARS to prioritize investigations, prosecutions, and asset forfeiture actions that target Cartels and TCOs. The memorandum also disbands the Department’s Task Force KleptoCapture, the Department’s Kleptocracy Team, and the Kleptocracy Asset Recovery Initiative within MLARS and redirects their resources towards the total elimination of Cartels and TCOs. Recently, the Task Force KleptoCapture and Kleptocracy Asset Recovery Initiative targeted Russian oligarchs’ assets and enforced sanctions following Russia’s invasion of Ukraine.
The memorandum also:
Elevates two joint task forces, Joint Task Force Vulcan and Joint Task Force Alpha, to the Office of the AG to focus efforts on enforcing against Cartels and TCOs, such as Tren de Aragua and La Mara Salvatrucha;
Proposes legislative reforms to control the manufacture and distribution of fentanyl and counterfeit pills; and
Suspends approval or authorization requirements for capital-eligible offenses, terrorism and International Emergency Economic Powers Act charges, and racketeering charges related to Cartels and TCOs for a period of 90 days, potentially to be renewed or made permanent thereafter.
[1] The memorandum incorporates elements of President Donald Trump’s January 20, 2025, Executive Order, “Designating Cartels And Other Organizations As Foreign Terrorist Organizations And Specially Designated Global Terrorists,” which designates certain Cartels as Foreign Terrorist Organizations or Specially Designated Global Terrorists, finding that Cartels “constitute a national-security threat beyond that posed by traditional organized crime.” See generally, The White House, Executive Order: Designating Cartels And Other Organizations As Foreign Terrorist Organizations And Specially Designated Global Terrorists (Jan. 20, 2025), https://www.whitehouse.gov/presidential-actions/2025/01/designating-cartels-and-other-organizations-as-foreign-terrorist-organizations-and-specially-designated-global-terrorists/.
President Trump Orders FCPA Freeze; DOJ Announces Major Policy Realignment De-Emphasizing Corporate Investigations and Enforcement
The much-heralded end to prosecutions brought pursuant to the Foreign Corrupt Practices Act (FCPA)[1] never materialized during the first Donald Trump administration, but the second Trump administration has the potential to bring major change to the US Department of Justice’s (DOJ) approach to FCPA enforcement.
On 10 February 2025, President Trump issued an executive order[2] freezing the initiation of all new FCPA investigations and enforcement actions for 180 days. The executive order also instructs newly confirmed Attorney General (AG) Pam Bondi to promulgate guidelines on FCPA enforcement and conduct a comprehensive review of existing and historical FCPA investigations and resolutions.
President Trump’s directive comes on the heels of more than a dozen policy memoranda[3] issued by AG Bondi on 5 February 2025, that will fundamentally realign DOJ’s operations and enforcement priorities during the second Trump administration. Two key DOJ directives—the memorandum on “Total Elimination of Cartels and Transnational Criminal Organizations” (TCO Memo) and DOJ’s new “General Policy Regarding Charging, Plea Negotiations, and Sentencing” (General Policy Memo)—when taken in concert with the new executive order, have the potential to bring about a seismic shift in DOJ’s approach to corporate investigations and enforcement.
What will the new FCPA guidelines look like? How will DOJ implement the FCPA guidelines and its other recent policy announcements? How will DOJ integrate them into forthcoming changes to the DOJ’s Criminal Division Corporate Enforcement and Voluntary Self-Disclosure Policy? The answers to these questions will largely define the corporate enforcement landscape for the second Trump administration and beyond.
Freezing FCPA Enforcement
The 10 February 2025, executive order, entitled “Pausing Foreign Corrupt Practices Act Enforcement to Further American Economic and National Security,” rests on two fundamental claims: (1) “Current FCPA enforcement impedes the United States’ foreign policy objectives and therefore implicates the President’s Article II authority over foreign affairs;” and (2) “[O]verexpansive and unpredictable FCPA enforcement against American citizens and businesses…actively harms American economic competitiveness and, therefore, national security.” According to the fact sheet accompanying the executive order, aggressive FCPA enforcement has imposed “a growing cost on our Nation’s economy” and harmed the ability of US companies to obtain “[s]trategic advantages in critical minerals, deep-water ports, and other key infrastructure or assets around the world [that] are critical to American national security.” Given the weighty constitutional, economic, and national security implications at stake, the executive order directs DOJ to:
Immediately cease initiation of any new FCPA investigations or enforcement actions for the next 180 days, unless the Attorney General determines that an individual exception should be made;
Review in detail all existing FCPA investigations or enforcement actions and take appropriate action with respect to such matters to restore proper bounds on FCPA enforcement and preserve presidential foreign policy prerogatives; and
Within 180 days, adopt a “Policy of Enforcement Discretion” by issuing updated guidelines or policies, as appropriate, to adequately promote the president’s Article II authority to conduct foreign affairs and prioritize American interests, American economic competitiveness with respect to other nations, and the efficient use of federal law enforcement resources.
The executive order then prescribes that FCPA investigations and enforcement actions initiated or continued after issuance of the revised guidelines or policies “must be specifically authorized by the Attorney General.” The Attorney General also must comprehensively review DOJ’s FCPA enforcement actions from a historical perspective in order to “determine whether additional actions, including remedial measures with respect to inappropriate past FCPA investigations and enforcement actions, are warranted and shall take any such appropriate actions or, if Presidential action is required, recommend such actions to the President.”
Shifting Enforcement Priorities From Corporates to Cartels
A few days before issuance of the executive order on the FCPA, DOJ issued the TCO Memo and General Policy Memo, which aim to implement President Trump’s goal of attacking the operation of cartels and transnational criminal organizations (TCOs) in the United States and abroad by shifting DOJ’s priorities away from corporate enforcement to four new areas of focus: (1) illegal immigration; (2) transnational organized crime, cartels, and gangs; (3) human trafficking and smuggling; and (4) protecting law enforcement personnel.
Narrowing and Shifting FCPA Enforcement
The TCO Memo also orders a major redirection of resources and focus at DOJ’s FCPA Unit, perhaps the preeminent weapon in DOJ’s corporate enforcement arsenal.
The TCO Memo directs FCPA Unit prosecutors to “prioritize investigations related to foreign bribery that facilitates the criminal operations of Cartels and TCOs, and shift focus away from investigations and cases that do not involve such a connection.” For example, the TCO Memo describes hypothetical cases in which bribery of foreign officials occurs to facilitate human smuggling or narcotrafficking. Historically, such cases represent a tiny minority of DOJ’s overall anti-corruption enforcement activity. In instances where the underlying investigations and prosecutions are related to cartels and TCOs, the TCO Memo suspends the requirement that FCPA investigations and prosecutions, as well as those under the newly enacted Foreign Extortion Prevention Act (FEPA),[4] be led by Fraud Section prosecutors.
Deprioritizing Antikleptocracy
The operational and policy shifts at another key DOJ corporate enforcement component, the Criminal Division’s Money Laundering and Asset Recovery Section, are even more drastic. The TCO Memo shutters various high-profile antikleptocracy initiatives, including the Kleptocracy Asset Recovery Initiative[5] and Task Force KleptoCapture,[6] DOJ’s marquee unit tasked with enforcing sanctions on Russian oligarchs in response to the 2022 Ukraine invasion. Federal prosecutors assigned to those initiatives are instructed to return to their prior posts, and resources formerly devoted to those initiatives will be redirected to the “total elimination of Cartels and TCOs.”
Expanding Corporate Enforcement Authority for US Attorney’s Offices Nationwide
The TCO Memo also authorizes US attorney’s offices nationwide to independently initiate FCPA/FEPA investigations and prosecutions in matters related to cartels and TCOs as part of an effort to remove “bureaucratic impediments” to implementation of DOJ’s new policy objectives. Other bureaucratic impediments removed by AG Bondi include the elimination of the preindictment review requirement for capital-eligible offenses for cases where the defendants are alleged to be members or associates of cartels or TCOs.[7] Similarly, approval requirements from DOJ’s National Security Division (NSD) for terrorism and International Emergency Economic Powers Act (IEEPA) charges,[8] search warrants, and material witness warrants are also suspended when the matter involves members or associates of any cartel or TCO designated as a foreign terrorist organization. Approval requirements for the filing of racketeering charges[9] are likewise suspended for matters involving cartels and TCOs.
Analysis
The executive order and the Bondi policy memoranda are high-level directives that prescribe an unmistakable shift in DOJ’s programmatic focus away from anti-corruption and antikleptocracy enforcement—at least for now. If taken at face value, the actions mandated by the executive order are comprehensive: DOJ must not only promulgate new enforcement guidelines but must also systematically review all historical FCPA resolutions and determine whether any “remedial measures with respect to inappropriate past FCPA investigations and enforcement actions” are warranted.
How Will the Forthcoming DOJ Guidelines Define the “Proper Bounds” on FCPA Enforcement?
The executive order is predicated on the dual imperatives to “preserve Presidential foreign policy prerogatives” and return US companies to a globally competitive footing. Accordingly, the forthcoming guidelines will undoubtedly contain a requirement to consider and analyze the potential foreign policy implications of a proposed FCPA enforcement action—a constitutional “deconfliction” provision of sorts. Where the Bondi DOJ views a prior FCPA action brought forth by the prior administration’s DOJ to have significant geopolitical sensitivities, don’t be surprised if these matters are restructured or even dismissed under this executive order. The guidelines can also be expected to incorporate DOJ’s new enforcement priorities related to elimination of TCOs and cartels. Federal prosecutors will also likely be directed to consider any potentially adverse consequences to US national security like access to critical rare-earth minerals, deep-water ports, and the other key strategic and infrastructural considerations similar to those enumerated in the fact sheet.
The “Pipeline Effect”
Federal corporate investigations typically take many years from initiation to resolution, a timeline that can be significantly dilated by DOJ’s use of mutual legal assistance requests to its international partner agencies. Per the executive order, the dozens of FCPA investigations currently in the “pipeline” will be re-evaluated and are all potentially subject to discontinuation and declination. It is unclear what proportion of ongoing FCPA investigations and enforcement actions will be deemed incompatible with the forthcoming guidelines and discontinued after expiration of the 180-day freeze.
Whither the SEC?
Conspicuously absent from the executive order is any directive to the US Securities and Exchange Commission (SEC) related to its civil enforcement jurisdiction over the FCPA for issuers.[10] The fact sheet accompanying the executive order mentions the SEC only once when citing statistics for investigations and enforcement actions initiated in 2024. As of this writing, it is unclear whether the SEC will receive an analogous directive to fundamentally re-evaluate its application of the statute and remediate any “inappropriate” FCPA resolutions from years past.
Who Will Exercise Enforcement Authority?
The executive order specifies that the Attorney General must authorize all FCPA investigations that are initiated or continued following promulgation of the new guidelines. This directive is seemingly at odds with the TCO Memo’s grant of authority to each of DOJ’s 94 US attorney’s offices to independently investigate and charge FCPA/FEPA cases related to TCOs and cartels. It is worth noting that similar requirements have been relaxed for preclearance of IEEPA and Racketeer Influenced and Corrupt Organizations Act (RICO) cases, too, a move that could expand the kinds of charges DOJ brings in corporate enforcement investigations with a cartel or TCO nexus. Time will tell how tight the nexus between the alleged foreign bribery and the cartel or TCO must be, but it is possible that unleashing hundreds of additional federal prosecutors on the FCPA and FEPA statutes will lead to a more robust—albeit significantly modified—enforcement landscape. Ironically, the TCO Memo’s loosening of approval requirements in FCPA and FEPA cases may have the effect of increasing the volume of FCPA enforcement across DOJ’s many subdivisions in this administration’s new priority areas of focus.
Global Enforcement Activity Remains Strong
DOJ routinely works its cross-border investigations with international partner agencies, some of whom have already signaled[11] that they will continue their aggressive enforcement posture irrespective of DOJ’s policy realignment. Over the years, the United States has worked closely with partner nations and international organizations, like the Organization for Economic Co-operation and Development, to persuade countries around the world to enact and enforce domestic bribery laws. And even if US enforcers take their foot off the anti-corruption gas pedal, global enforcement of similar anti-corruption laws from authorities like the UK Serious Fraud Office, India’s Central Bureau of Investigation, Brazil’s Federal Prosecution Office, Singapore’s Corrupt Practices Investigation Bureau, and others will continue.
Key Takeaways
Prudent companies should not take the recent executive order and DOJ memoranda as an invitation to relax antibribery and other forms of corporate compliance. Despite the ostensible shift at DOJ, regulators and enforcement agencies across the federal government will continue work in related areas, like economic sanctions and export controls that present complex regulatory and enforcement risks. And even in the FCPA space, certain core prosecutions will likely continue following the review mandated by the executive order, especially in cases where significant violative conduct is directed from the United States.
Additionally, the statute of limitations for a violation of the FCPA is five years, which can be extended by up to three years in instances where DOJ is pursuing evidence from a foreign authority by way of a mutual legal assistance treaty request. In other words, a bribe paid today could ultimately be prosecuted under future administrations well after President Trump has left office. Moreover, the scope and nature of DOJ’s policy shift remains to be seen, and the nexus to cartels and TCOs that DOJ will regard as sufficient to warrant bringing FCPA, FEPA, and RICO charges against companies may be quite attenuated. Accordingly, companies doing business in jurisdictions with a higher presence of cartels and other forms of transnational organized crime should consider stepping up their compliance and due diligence efforts, especially with respect to third-party engagements to ensure no direct or indirect links to problematic entities.
More broadly, effective compliance programs can be an especially powerful prophylactic tool, even given the coming shift in DOJ’s priorities and resource allocation. In enforcement areas that are being deprioritized by DOJ, companies may now enjoy unprecedentedly favorable odds of avoiding prosecutions if they can demonstrate that allegedly problematic conduct was an isolated incident that the company promptly investigated and effectively remediated. As always, robust and proactive compliance policies that are regularly tested and improved can pay huge dividends over the long haul.
Footnotes
[1] Renae Merle, Trump called global anti-bribery law ‘horrible.’ His administration is pursuing fewer new investigations, WASHINGTON POST (Jan. 31, 2020), https://www.washingtonpost.com/business/2020/01/31/trump-fcpa/.
[2] Pausing Foreign Corrupt Practices Act Enforcement to Further American Economic and National Security, THE WHITE HOUSE (Feb. 10, 2025), https://www.whitehouse.gov/presidential-actions/2025/02/pausing-foreign-corrupt-practices-act-enforcement-to-further-american-economic-and-national-security/. The accompanying fact sheet issued by the White House in conjunction with the executive order, Fact Sheet: President Donald J. Trump Restores American Competitiveness and Security in FCPA Enforcement, THE WHITE HOUSE (Feb. 10, 2025), https://www.whitehouse.gov/fact-sheets/2025/02/fact-sheet-president-donald-j-trump-restores-american-competitiveness-and-security-in-fcpa-enforcement/.
[3] AG Bondi’s memoranda involve a wide range of topics, including: reviving the federal death penalty and supporting state prosecutions of death row inmates commuted by former President Biden; establishing an October 7th task force; establishing a “Weaponization Working Group” to review DOJ investigations into, and prosecutions of, President Trump and January 6th; implementing requirements for all DOJ personnel to “zealously” defend, advance, and protect the interests of the United States; returning all DOJ employees to in-person work; prohibiting DOJ from issuing “improper” guidance documents instead of conducting rulemaking; ending “illegal DEI and DEIA discrimination and preferences” and “internal discriminatory practices”; reinstating prohibitions on third-party settlements; rescinding DOJ’s environmental justice memorandum; and ending federal support for sanctuary jurisdictions. The complete list of the memoranda is available at https://www.justice.gov/ag/select-publications.
[4] For more on FEPA, see our prior alert: Criminalizing the “Quo:” The New Foreign Extortion Prevention Act Targets the Demand Side of Bribery.
[5] The Kleptocracy Asset Recovery Initiative prioritized recovering assets misappropriated by corrupt foreign officials, particularly through bribery and embezzlement schemes. One of its most prominent enforcement actions includes the recovery of over US$1.5 billion in misappropriated funds tied to the Malaysian sovereign wealth fund 1Malaysia Development Berhad, including a recent additional recovery of US$20 million.
[6] Task Force KleptoCapture, established in March 2022, was created to enforce sanctions, export restrictions, and economic countermeasures by prosecuting violators and seizing assets. Since its launch, the task force has pursued numerous high-profile cases, leading to asset seizures, criminal charges, and forfeiture proceedings against individuals and entities attempting to circumvent US sanctions and launder illicit proceeds.
[7] U.S. Dep’t of Just., Just. Manual § 9-10.060 (2023).
[8] The policy exempts NSD approval and concurrence requirements for cases involving 18 U.S.C. §§ 2332a, 2332b, 2339A, 2339B, 2339C, 2339D, 21 U.S.C. § 960A, and 50 U.S.C. § 1705.
[9] 18 U.S.C. §§ 1961–1968.
[10] CRIMINAL DIV., U.S. DEP’T OF JUSTICE & ENF’T DIV., U.S. SEC. & EXCH. COMM’N, FCPA: A RESOURCE GUIDE TO THE U.S. FOREIGN CORRUPT PRACTICES ACT 20 (2d ed. 2020), https://www.justice.gov/criminal-fraud/file/1292051/download.
[11] Mohamad Al As and Austin Camoens, MACC: 1MDB asset recovery to continue despite shake-up at US DoJ, NEW STRAITS TIMES (Feb. 9, 2025), https://www.nst.com.my/news/nation/2025/02/1172739/macc-1mdb-asset-recovery-continue-despite-shake-us-doj.
Lessons From 2024 Bank Secrecy Act: Anti-Money Laundering Enforcement Actions
In 2024, FinCEN and the federal bank regulators announced more than three dozen enforcement actions against banks and individuals arising from alleged Bank Secrecy Act (BSA), anti-money laundering (AML), and countering the financing of terrorism (CFT) compliance failures. One of these enforcement actions resulted in record-breaking civil and criminal monetary penalties.
In this article, we summarize certain key compliance failures and issues indicated by these enforcement actions against banks. Rather than focusing on any specific institutions, we focus on broader industry issues. The aim of this article is to provide guidance to BSA officers and the boards of directors and senior management of banks as they consider ways in which their institution’s BSA/AML compliance program might need improvement.1
The Five Pillars
BSA/AML enforcement actions typically cite failures with respect to one or more of the five “pillars” of an effective BSA/AML program: (1) a system of internal controls to assure ongoing compliance; (2) independent testing for compliance; (3) designation of an individual or individuals responsible for coordinating and monitoring day-to-day compliance; (4) training for appropriate personnel; and (5) appropriate risk-based procedures for conducting ongoing customer due diligence (CDD), including, but not limited to, (a) understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and (b) conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, maintaining and updating customer information, including customer beneficial owner information. A significant portion of the 2024 enforcement actions cited deficiencies in all of the first four of these pillars, and in many other cases, the bank was required to adopt an improved CDD program.
These are the pillars of an effective BSA/AML compliance program because a failure in any of them is likely to cause a failure in an institution’s overall BSA/AML compliance obligations. The whole foundation can collapse when any pillar is weak. Perhaps most important is the failure to file suspicious activity reports (SARs) when required, which in the end is the primary reason for many of the BSA’s regulatory requirements.
The following discussion of compliance issues does not track the five pillars in the same order as listed in the applicable regulation, because we believe that results in a more logical flow. For example, a discussion of suspicious activity monitoring systems logically follows after discussing institutional risk assessments and customer due diligence because the activity monitoring systems should take these other requirements into account.
Internal Controls
When an examiner cites an institution for weak internal controls, that generally reflects a determination that the institution has weak policies, procedures, or processes to mitigate and manage money laundering and terrorist financing risks. This can mean anything from a poor reporting structure, unclear assignments of compliance responsibilities, poor risk assessments, failures to update policies and processes in response to regulatory changes or changes in the institution’s risk profile, weak suspicious activity monitoring systems, or weak risk rating of customers, among other issues. A bank’s system of internal controls, including the level and type, should be commensurate with the bank’s size, complexity, and organizational structure. When an institution is experiencing BSA/AML compliance weaknesses, that often reflects weak internal controls. In the summaries below, we note which of the deficiencies reflect an internal control weakness.
Board and Management Oversight
The Examination Manual states that the board of directors of each bank is responsible for approving the institution’s BSA/AML compliance program and overseeing the structure and management of the institution’s BSA/AML compliance function. The boards of about half of the banks subject to enforcement actions in 2024 were directed to enhance their oversight of their bank’s BSA/AML compliance program. The board also is responsible for setting an appropriate “culture of compliance” with respect to BSA/AML matters, and when an institution is subject to a particularly serious enforcement action, the directors and senior managers may be fined individually.
Oversight by the board requires that the board receive regular reports from compliance staff on the institution’s BSA/AML program, which reports are part of the institution’s internal controls. This would include, among other things, reports from the BSA officer as to SAR filings, reports on any negative findings in compliance audits, reports on remediation steps to address negative audit results, reports on any changes to the institution’s risk assessments, and reports on any deficiencies in the resources that are allocated to the compliance function.
BSA Officer Deficiencies
The BSA officer is central to the effective function of a BSA/AML compliance program. A few of the enforcement actions in 2024 noted that the bank had designated an ineffective BSA officer or one with no prior banking or BSA officer experience.
Other enforcement actions raised these concerns:
BSA/AML staffing that is not proportionate to the bank’s size, risk profile, and ongoing compliance concerns.
BSA officer without appropriate authority or independence. For example, one institution was criticized for having a BSA officer who did not have unilateral authority to file SARs, such as where a senior manager or a committee consisting of business managers made the ultimate decisions. This authority and independence is important to a sound compliance system, in part to avoid any conflicts of interest.
AML monitoring and compliance staff reporting through business line management rather than directly to the BSA officer, thereby weakening the BSA officer’s authority and independence.
It also is important that all AML compliance staff, even if not designated as an “AML officer,” have appropriate experience in BSA and AML matters.
Training
Banks must provide BSA/AML training to appropriate personnel, including all persons whose duties require knowledge or involve some aspect of BSA/AML compliance. This training should be tailored to the specific functions and positions of each individual within the institution. For example, the board of directors and certain staff may receive more general training than that provided to compliance staff and those individuals processing transactions or new accounts. Training generally should address higher-risk customers and activities, depending on the role of the individual to receive such training. In addition, targeted training may be necessary for specific money laundering, CFT, and other illicit financial activity risks for certain business lines or operational units.
Many of the banks entering into consent orders in 2024 were required to develop and implement a new training program. Banks were cited in 2024 for failure to tailor training for frontline retail branch personnel, to train staff on the “AML typologies and risks” associated with the bank’s products and services, and to train on the specialized red flags for specific business lines or higher-risk activities. At least one bank was criticized for inadequate training on the completion and filing of currency transaction reports (CTRs), resulting in the filing of incomplete or inaccurate CTRs. A robust training program for all aspects of BSA/AML compliance is clearly required for every bank.
Inadequate Compliance Resources
A common finding when an institution is subject to an enforcement action is that the institution did not dedicate sufficient financial and personnel resources to BSA/AML compliance. Multiple institutions were cited in 2024 for this failure, and in at least one case for the failure to invest in improvements to address compliance gaps when those investments were deemed to be too costly. At least one institution was accused of maintaining a compensation system that appeared to provide a disincentive for the BSA officer to incur costs to ensure compliance.
AML staffing also should be proportionate to the bank’s size, risk profile, and any ongoing compliance concerns. When these factors change, an increase in staffing and other resources is often called for.
Inadequate staffing and resources can result in failures in numerous areas of BSA/AML compliance. These failures can include having significant backlogs in addressing suspicious activity alerts, an inability to adequately investigate alerts, and backlogs of customers whose relationship with the bank should be severed.
Initial and Ongoing Risk Assessments
Banks’ BSA/AML compliance programs should be risk-based. A well-developed BSA/AML risk assessment assists the bank in identifying its money laundering, CFT, and other illicit financial activity risks and then developing and maintaining appropriate internal controls to address the identified risks. A risk assessment generally involves the identification of specific risk categories (e.g., products, services, customers, and geographic locations) unique to the bank and the bank’s analysis of such risks.
A bank should update its risk assessment from time to time, particularly when there are changes in the bank’s products, services, customers, or geographic locations, when the bank expands through mergers or acquisitions, and in response to regulatory changes, alerts, or negative compliance findings.
Many of the recent enforcement actions directed the bank to develop, implement, and adhere to a revised and ongoing BSA risk assessment methodology. Those risk assessments were to address the risks outlined above and include an analysis of the volumes and types of transactions and service by geographic location and the numbers of customers that typically pose higher or elevated BSA risk for the institution.
All risk assessments then should be used by the institution to develop and implement appropriate risk-mitigating strategies and internal controls. The results of each risk assessment should be reported to the board and appropriate senior management, and they then should require progress reports from the BSA officer with respect to any steps needed to reduce risks to appropriate levels.
Customer Due Diligence, Risk Assessments, and Monitoring
The Examination Manual notes that “[t]he cornerstone of a strong BSA/AML compliance program is the adoption and implementation of risk-based CDD policies, procedures, and processes for all customers….” Conducting ongoing CDD is the fifth pillar of an effective BSA/AML compliance program. Its objective is to enable a bank to understand the nature and purpose of customer relationships, including understanding the types of transactions in which a customer is likely to engage. These processes assist the institution in determining when transactions are suspicious and when a SAR might need to be filed.
CDD should enable the bank to assign risk ratings to each customer, and those risk ratings then should be taken into account when establishing customer transaction monitoring systems, with higher risk customers being subject to more stringent transaction monitoring. Customer risk ratings also should be taken into account in the institution’s overall BSA/AML compliance risk assessments.
If a bank determines through ongoing CDD and transaction monitoring that its information on a particular customer has materially changed, that customer information and risk rating should be updated accordingly. In the event a bank discovers that it failed to identify a customer as being a higher risk customer, the bank should revise its risk rating of the customer and consider conducting a transaction review to determine if suspicious activities were not identified.
A large majority of the banks subject to enforcement actions in 2024 were required to develop and implement a new CDD program. The actions often stated that the CDD program must ensure appropriate collection and analysis of customer information when opening new accounts, when renewing or modifying existing accounts, and when the bank obtains “event-driven information” indicating that it should obtain updated information to better understand the nature and purpose of its customer relationships and generate and maintain an accurate customer risk profile.
Suspicious Activity Monitoring Systems and Processes
Having an effective suspicious activity monitoring and reporting system is a critical internal control and essential to ensuring that a bank has an adequate and effective BSA/AML compliance program. Without such a system, an institution is more likely to miss suspicious activities and fail to file appropriate SARs.
Per the Examination Manual, the sophistication of a monitoring system should be dictated by the bank’s risk profile, with particular emphasis on the composition of higher-risk products, services, customers, entities, and geographies. It likely would be inappropriate, however, to use a monitoring system that wholly disregards domestic and supposedly lower-risk transactions, and at least one institution was criticized for that in 2024.
The five key components to an effective monitoring and reporting system are:
Identification or alert of unusual activity, which may include employee identification, law enforcement inquiries, other referrals, and transaction and surveillance monitoring system output.
Managing alerts.
SAR decision making.
SAR completion and filing.
Monitoring and SAR filing on continuing suspicious activity.
A transaction monitoring system may have manual elements. These systems may target specific types of transactions, such as large cash transactions or transactions from foreign geographies, with a manual review of reports generated by the bank’s systems. The type and frequency of reviews and resulting reports used should be commensurate with the bank’s BSA/AML risk profile and appropriately cover its higher-risk products, services, customers, entities, geographic locations, and methods of delivering its products and services.
Automated monitoring systems also are appropriate for most or all banks. These systems, sometimes called “surveillance monitoring systems,” include rule-based systems that apply transaction parameters, scenarios, and filters. In all cases, however, those parameters, scenarios, and filters should be tailored to the bank’s risks, and they should be tested periodically to ensure that they are effective.
We therefore have seen enforcement actions criticizing banks for relying on “off-the-shelf” scenarios provided by their vendors without consideration as to whether those scenarios needed to be tailored to the bank’s business. Some enforcement actions also criticized banks for failing to conduct appropriate testing and gap assessments of their transaction monitoring systems.
Finally, we should note that at least one institution was criticized for appearing to have designed at least portions of its monitoring system to focus more on operational burdens and risks rather than BSA/AML compliance.
Failures to File SARs; Potential Consequences
Not surprisingly, those institutions that were cited for having weak CDD or transaction monitoring programs also were often cited for failures to identify suspicious transactions and file SARs as warranted. At least 16 banks were ordered in 2024 to conduct reviews of prior transactions to determine if any SAR filing might have been missed, sometimes referred to as a “look back” review.
When a look back is required, the institution generally must hire an independent consultant to conduct a review and provide a written report on the bank’s suspicious activity monitoring, investigation, decisioning and reporting, identifying any instances in which the bank failed to file a SAR. The regulator then uses this information to decide what fines it will impose and whether to increase any prior fines. If the results of the look back are very negative, the regulator might also order an expanded look back, going further back in time.
Independent Testing
Banks are required to conduct independent testing or audits (the Examination Manual uses these terms interchangeably) of the bank’s BSA/AML compliance program. The testing can be conducted by the bank’s internal audit department or by qualified third parties, but the auditor never should be involved in business operations or BSA-related functions due to the potential for conflicts of interest or lack of independence. The results of all independent testing should be reported directly to the board of directors or a designated committee thereof that is composed primarily or completely of outside directors.
The Examination Manual directs examiners to obtain and review the independent testing reports, including any scope and workpapers. If the examiner finds that the testing was adequate given the bank’s risk profile, that can comfort the examiner and might lead to a softer-touch examination. If the examiner concludes that the testing was deficient, the bank can expect a rigorous examination.
Several of the banks subject to enforcement actions in 2024 were found by the examiner to have deficient independent testing. In one instance, the examiner concluded that the testing was insufficient in scope given the institution’s risk profile and that it only determined whether controls existed and not if they were in fact being used. In certain other instances when the enforcement action did not specifically criticize prior testing, the bank still was required to perform new independent testing and provide the results to the examiner.
Many other banks were directed to establish a new independent audit program that would address and determine, among other things, the bank’s money laundering, terrorist financing, and other illicit financial activity risks; whether the bank’s policies, procedures, and processes for BSA/AML compliance were appropriate for the bank’s risk profile; whether the bank actually adhered to such policies, procedures, and processes; and whether management took appropriate and timely action to address any deficiencies.
Next Steps
In light of these enforcement actions, there are a number of steps that a bank might want to consider and questions that it might want to ask of itself.
Risk Assessments
Is the assessment of your institution’s money laundering, CFT, and sanctions risks appropriately tailored to your products, services, customers, geographic locations, and your methods of delivering your products and services? Have any of these factors changed since your last risk assessment such that a new risk assessment is advisable? Some institutions might decide that it is appropriate to engage a third party to conduct a new risk assessment, both to obtain an independent view of your risk assessment and so as not to over-burden internal resources who need to focus on day-to-day compliance matters.
Customer Due Diligence
Is your customer due diligence thorough and ongoing? Are customers appropriately risk rated, and is that risk rating adjusted when new information about the customer is obtained? Are customer information and risk ratings incorporated into your transaction monitoring systems? If you rely on a fintech partner or other third party for customer due diligence, you might want to confirm that they are obtaining and updating customer information as needed to ensure BSA/AML compliance.
Transaction Monitoring
Are your transaction monitoring thresholds, filters, and scenarios appropriately tailored to your products, services, customers, geographic locations, and your methods of delivering your products and services? If you are relying on third-party monitoring systems, have you reviewed their thresholds, filters, and scenarios and confirmed that they are appropriate for your institution? Have these thresholds, filters, and scenarios been tested recently?
Independent Testing
Unless your institution recently performed or had performed thorough independent testing, you might want to consider new testing. As with your risk assessments, it might be best to engage a third party to conduct this testing, both to obtain an independent opinion of your organization and so as not to overburden your internal resources who need to focus on day-to-day compliance matters.
Resources
Has your BSA officer or any independent testing provider suggested that additional resources are needed, and have these suggestions been heeded?
Voluntary SAR Look Back
If the results of independent testing or testing of your transaction monitoring system suggest that the institution might have failed to identify suspicious transactions or file SARs, you might want to consider voluntarily conducting a SAR look back. In this way, you might be able to reduce the negative impacts of your next BSA/AML compliance program.
BSA/AML compliance is not inexpensive, but enforcement actions can cost far more. In addition to needing to spend time and money to address the issues raised in the action, and potentially paying fines, banks with serious BSA/AML compliance deficiencies may be blocked for a period of time from offering new products or services, opening new branches, or engaging in acquisitions. A bank that is subject to a consent order or a formal written agreement with its regulator also generally is not an “eligible bank” for purposes of corporate applications, meaning that expedited treatment of those applications is unavailable. For all of these reasons, we recommend that banks take heed of the lessons that can be gleaned from 2024’s round of enforcement actions so as to avoid being a target in 2025 or beyond.
Footnotes
1 This article focuses only on the compliance issues that were raised by the 2024 enforcement actions. We are not attempting to provide a complete guide to BSA/AML compliance, but only to highlight areas in which an examiner concluded an institution was deficient. In order to provide regulatory background, we sometimes draw from the Bank Secrecy Act/Anti-Money Laundering Examination Manual of the Federal Financial Institutions Examination Council, often without attribution but sometimes by referring to the “Examination Manual.”
Corporate Transparency Act Compliance Still on Hold, For Now
On January 23, the U.S. Supreme Court lifted a nationwide preliminary injunction on the enforcement of the Corporate Transparency Act (the CTA), a law requiring millions of business entities to report information about their individual beneficial owners (including the individual persons who control them) to the Financial Crimes Enforcement Network (FinCEN), a bureau of the U.S. Department of the Treasury. The preliminary injunction was originally issued by the U.S. District Court for the Eastern District of Texas in the case of Texas Top Cop Shop, Inc. v. Bondi—formerly, Texas Top Cop Shop v. Garland.
Despite the Supreme Court’s decision in Texas Top Cop Shop, the CTA reporting obligations are still on hold due to a separate nationwide injunction that remains in place. The second nationwide injunction was issued by a different judge of the U.S. District Court for the Eastern District of Texas in the case of Smith v. U.S. Department of the Treasury. The federal government has filed an appeal to the U.S. Court of Appeals for the Fifth Circuit seeking to lift the Smith injunction. This appeal represents the first action taken by the federal government in a CTA court proceeding since January 20, 2025, when the new administration took office.
If the injunction in the Smith case is lifted, the reporting obligations under the CTA would resume and all non-exempt reporting companies would be required to file beneficial ownership information reports (“BOIRs”) within a deadline to be determined by FinCEN. Notably, the government’s request for a stay in the Smith case pending appeal stated that FinCEN intends to extend the CTA compliance deadline for 30 days if the stay is granted. The government also implied that FinCEN is considering changes to the CTA’s reporting requirements to alleviate the burden on low-risk entities while prioritizing enforcement to address the most significant risks to U.S. national security.
Background
See below to view a timeline of notable developments.
What Might Happen Next
The future of the CTA remains in limbo. For now, FinCEN has acknowledged that a nationwide preliminary injunction in the Smith case remains in place, meaning that reporting companies are not currently required to file BOIRs with FinCEN, and further, that reporting companies are not currently subject to liability if they fail to do so. FinCEN has stated that reporting companies may continue to voluntarily submit BOIRs.1
Neither the Supreme Court nor any lower court has made a determination on the merits of the constitutionality of the CTA; the rulings to date have only concerned whether the CTA may be enforced while litigation over the validity of the CTA continues.
As stated above, CTA reporting obligations will likely resume if the Smith injunction is lifted (presumably, within 30 days of such decision), and also could resume in the future depending on the final outcomes in the Smith and Texas Top Cop Shop cases. While new developments may arise in the ongoing litigation over the CTA, Congress could also settle the debate by repealing the CTA.
Given the uncertain landscape, reporting companies who have yet to file their initial BOIRs should consider whether to continue reviewing their reporting obligations under the CTA, as such reporting companies may be required to file BOIRs within 30 days if the government’s request for a stay in the Smith case is granted. Likewise, reporting companies that have already filed should consider whether any changes have occurred to information previously reported, and should be ready to file updated or corrected reports relating to such changes or developments that occur during the pendency of the preliminary injunction. Reporting companies may also choose to voluntarily file initial or updated reports at any time despite the preliminary injunction.
Timeline
Below is a timeline of notable developments since the original nationwide preliminary injunction was issued.
December 3, 2024 – U.S. District Court for the Eastern District of Texas issued a nationwide preliminary injunction against enforcement of the CTA in the Texas Top Cop Shop case.
December 5, 2024 – The government appealed the ruling in the Texas Top Cop Shop case to the U.S. Court of Appeals for the Fifth Circuit.
December 6, 2024 – FinCEN issued a statement that it will not enforce the reporting requirements while the injunction is in place and that filing BOIRs during such period is voluntary.
December 13, 2024 – The government filed a motion with the Fifth Circuit seeking an emergency stay of the injunction in the Texas Top Cop Shop case.
December 23, 2024 – A motions panel of the Fifth Circuit granted the government’s emergency motion, issuing a stay of the injunction in the Texas Top Cop Shop case pending the Fifth Circuit’s review of the merits of the appeal. Shortly thereafter, FinCEN reinstated the CTA reporting obligations and extended the reporting deadline from January 1 to January 13, 2025.
December 26, 2024 – A separate panel of judges on the Fifth Circuit vacated the stay and reinstated the injunction originating in the Texas Top Cop Shop case, effectively suspending enforcement of the reporting requirements under the CTA. In doing so, the merits panel reasoned that the constitutional status quo needs to be preserved while it considers the parties’ substantive arguments. The Fifth Circuit issued an expedited briefing and oral argument schedule under which briefing is to be completed by February 28, 2025, and oral arguments are to occur on March 25, 2025.
December 27, 2024 – FinCEN issued a new statement that it will not enforce the reporting requirements while the reinstated Texas Top Cop Shop injunction is in place and that filing BOIRs during such period is voluntary.
December 31, 2024 – The government filed an emergency application with the Supreme Court for a stay of the injunction originating in the Texas Top Cop Shop case.
January 7, 2025 – U.S. District Court for the Eastern District of Texas issued a separate nationwide preliminary injunction against enforcement of the CTA in the Smith case.
January 15, 2025 – U.S. Senator Tommy Tuberville and Congressman Warren Davidson re-introduced the Repealing Big Brother Overreach Act in Congress seeking to overturn the CTA.
January 23, 2025 – Supreme Court lifted the nationwide injunction originating in the Texas Top Cop Shop case; the Supreme Court’s order did not address the separate nationwide injunction originating in the Smith case.
January 24, 2025 – FinCEN issued a statement that, despite the Supreme Court’s order, reporting companies are still not required to file BOIRs due to the Smith injunction.
February 5, 2025 – The government filed an appeal seeking a stay of the injunction originating in the Smith case.
1 Further updates from FinCEN can be found at https://fincen.gov/boi.
Scott D. DeWald, Andrew F. Dixon, Laura A. Lo Bianco, Mark Patton, Mark D. Patton, Matthew C. Sweger, Amanda L. Thatcher, and Karen L. Witt