Elder Financial Exploitation

Fraud of all sorts remains on the rise. The federal regulatory banking agencies seem to be focusing on educating banks in an effort to decrease losses to the bank and customers as a result of these scams, especially those geared toward older adults.
In late 2024, the various regulatory agencies issued an Interagency Statement on Elder Financial Exploitation that provided guidance to banks with the goal of increasing the detection and prevention of elder financial exploitation. FinCEN has also previously issued an Advisory and a Financial Trend Analysis on Elder Financial Exploitation.
The Interagency Statement provides banks with nine areas to consider when implementing steps to decrease elder financial exploitation:

Governance and oversight
Employee training
Transaction holds and disbursement delays
Use of trusted contacts
Filing of Suspicious Activity Reports
Reporting to authorities
Providing financial records to appropriate authorities
Engaging with prevention and response networks
Consumer outreach and awareness resources from government agencies

Of those nine areas, I think it is important to address in this article those of employee training, transaction holds and disbursement delays, and the use of trusted contacts.
In recent years, many states have adopted legislation to allow banks to stop or hold a transaction upon a good faith or reasonable belief that such transaction would result in the financial exploitation of an elderly customer. While each state’s laws may read differently, the typical scenario is that a bank may have a time frame during which the transaction may be held or delayed but it must report the information to its state’s adult protective services department or similar agency or department. Now is a good time to review your state’s laws related to financial elder exploitation to determine what your bank can do to stop this type of fraud. These laws may also address other individuals the bank may alert and what information may be provided in these instances.
Training is also of the utmost importance. While it is typical for a bank’s BSA department to monitor accounts for unusual or suspicious account activity and to detect unusual transactions or account patterns outside of a customer’s norm, often such monitoring is completed after the transactions have been conducted. Every bank should train its frontline staff on the red flags and warning signs of elder financial exploitation. A bank’s frontline staff is more likely to notice behavioral red flags such as unusual interactions with a caregiver, urgency in sending a wire, a lonely elder mentioning a new friend who needs money, etc.
Finally, while it is not yet common practice, banks should consider implementing the use of trusted contacts. In order to establish a trusted contact, the bank would obtain permission from its customer to contact a third party designated by the customer when elder financial exploitation is suspected. This would allow the bank to share information that would otherwise be prohibited by privacy laws and regulations and get additional assistance in protecting its customer.
The Interagency Statement offers a clear road map for banks to enhance their efforts in preventing elder financial exploitation. By focusing on the nine critical areas — from governance and employee education to consumer outreach and collaboration with authorities — financial institutions can build stronger protections and more responsive systems. Prioritizing these steps not only mitigates risk but also affirms a commitment to the well-being and financial security of older adults.

Financial Industry Concerns Cause FCC to Delay Implementation of Broad Consent Revocation Requirement under TCPA

On April 11, 2025, a controversial new rule by the Federal Communications Commission (FCC) was set to take effect to modify consent revocation requirements under the Telephone Consumer Protection Act (TCPA). But each of the rule’s mandates, as codified at 47 CFR § 64.1200(a)(10), did not go into effect on that date. Just four days before, the FCC issued an Order delaying the rule’s requirement that callers must “treat a request to revoke consent made by a called party in response to one type of message as applicable to all future robocalls and robotexts . . . on unrelated matters.” See FCCOrder, Apr. 7, 2025 (emphasis added).
The plain language of the rule is generally broad. It states that consumers may use “any reasonable method” to revoke consent to autodialed or prerecorded calls and texts, and that such requests must be honored “within a reasonable time not to exceed ten business days.” The rule then goes on to delineate certain “per se” reasonable methods by which consumers may revoke consent. For example, if a consumer responds to a text message with the words “stop,” “quit,” “end,” “revoke,” “opt out,” “cancel,” or “unsubscribe,” then the consumer’s consent is “definitively revoked” and the sender is thereafter barred from sending any “additional robocalls and robotexts.”
Many industry participants—especially the banking industry—have been critical of the rule. One major concern is its sprawling effect. For example, under the rule, if a consumer were to respond to a marketing communication with the word “unsubscribe” or the like, then the sender and all of its business units may be forced to cease unrelated forms of communication on issues such as the provision of account notices or other informational matters. 
The banking industry has taken issue with the burdens imposed by the rule as well. That include concerns about “numerous challenges” financial institutions face in attempting to modify existing call platforms to comply with the rule, with “substantial work” being required by “larger institutions with many business units with separate caller systems.” See FCC Order ¶ 6. The bank industry has also raised challenges faced by financial institutions in “designing a system that allows the institution . . . [to] not apply a customer’s revocation to a broader category of messages than the customer intended.” See FCC Order ¶ 9.
The banking industry’s concerns ultimately appear to be what persuaded the FCC to stay the implementation of Section 64.1200(a)(10) in part earlier this month. The new rule is now set to not go fully into effect until April 11, 2026. For the time being, that means banks and other companies receiving a consent revocation request from a consumer in response to one type of message may not necessarily be prohibited from communicating with the consumer using “robocalls and robotexts from that caller on unrelated matters.” The FCC nonetheless suggests—albeit vaguely—that it will enforce any additional obligations required under the new Section 64.1200(a)(10), so companies engaging in TCPA-regulated communication practices should take heed accordingly. 

If You Agree That Stock Issuance Was Not “Compensation, Salary, Or Income”, You May Want To Think Carefully Before Issuing A Form 1099

Ten years ago, Hovik Nazaryan sued Femtometrix, Inc. claiming that the company had issued shares to him than it had promised. The parties settled the lawsuit. The settlement agreement provided that the stock issued to Mr. Nazaryan “is not ‘compensation,’ ‘salary,’ or ‘income’ for services performed by [Nazaryan].” The settlement agreement further provided “The Settlement Stock, and any other stock issued by way of this Agreement, is being provided to [plaintiff] as ‘Founder’s Stock’ for his capital/equitable contributions to Femtometrix as alleged by [Nazaryan] in the Action, and the Parties will classify it as such, for all purposes to the extent permitted by law.” When Femtometrix later issued 1099 forms, Mr. Nazaryan sued. The action was removed to federal court but U.S. District Court Judge James V. Selna remanded the case to the Superior Court. Nazaryan v. FemtoMetrix, Inc., 2019 WL 3545452 (C.D. Cal. Aug. 5, 2019) based on a forum selection clause in the settlement agreement.
The trial court held that Femtometrix had breached the settlement agreement and had issued fraudulent information returns under Internal Revenue Code section 7434. Yesterday, the Court of Appeal affirmed. Notably, the Court of Appeal, while acknowledging a split of authority in the federal courts, upheld the trial court’s decision to hold Femtometrix’s chief executive and financial officers jointly and severally liable.

The UK’s Failure to Prevent Fraud Offense

Effective September 1, 2025, the UK’s Failure to Prevent Fraud offense will go into effect as part of the UK’s Economic Crime and Corporate Transparency Act 2023 (the ECCTA). The law significantly expands corporate liability for fraud committed by employees and other associated persons of relevant corporates and will require compliance refinement for any business within scope of the offense operating in connection with the UK. The UK government (its Home Office) published guidance in 2024 (the “Guidance”) to help companies navigate this corporate criminal fraud offense as well as take appropriate action to help prevent fraud.
As companies continue to grapple with recent developments regarding enforcement of the FCPA, international efforts to curb bribery and corruption have not waned. Foreign governments continue to prioritize anti-corruption enforcement such as the European Commission’s proposed directive from May 2023 to combat corruption, the ECCTA and Failure to Prevent Fraud Offense, as well as the recently announced International Anti-Corruption Prosecutorial Task Force with the UK, France, and Switzerland. These cross-border initiatives demonstrate how a temporary pause in U.S. enforcement of the FCPA should not result in companies moving away from maintaining robust and effective compliance programs.
The Failure to Prevent Fraud Offense
You can see more detail on the new offense in this article from our UK colleagues. In summary, a “large organization” can be held criminally liable where an employee, agent, subsidiary, or other “associated person” commits a fraud offense intending to benefit the organization or its clients, and the organization failed to have reasonable fraud prevention procedures in place. An employee, an agent or a subsidiary is considered an “associated person” as are business partners and small organizations that provide services for or on behalf of large organizations. Regarding the underlying fraud offense itself, this includes a range of existing offenses under fraud, theft and corporate laws, which the UK’s Home Office notes as including “dishonest sales practices, the hiding of important information from consumers or investors, or dishonest practices in financial markets.”
A “large organization” for purposes of the fraud offense is defined as meeting two of the following three thresholds: (1) more than 250 employees; (2) more than £36 million (approx. USD $47.6 million) turnover; (3) more than £18 million (approx. USD $23.8 million) in total assets – and includes groups where the resources across the group meet the threshold. Further, the fraud offense has extraterritorial reach, meaning that non-UK companies may be liable for the fraud if there is a UK nexus. This could play out in several scenarios. For example, the fraud took place in the UK, the gain or loss occurred in the UK, or, alternatively, if a UK-based employee commits fraud, the employing organization could be prosecuted, regardless of where the organization is based.
What Companies Can Do Now
The Failure to Prevent Fraud offense is an important consideration in corporate compliance, extending beyond UK-based companies to non-UK companies with operations or connections in the UK. The only available defense to the failure to prevent fraud offense is for the company to demonstrate that it “had reasonable fraud prevention measures in place at the time that the fraud was committed.” Or, more riskily that it was not reasonable under the circumstances to expect the organization to have any prevention procedures in place. To that end, the Guidance outlines six core principles that should underpin any effective fraud prevention framework: (1) top-level commitment; (2) risk assessment; (3) proportionate and risk-based procedures; (4) due diligence; (5) communication and training; and (6) ongoing monitoring and review. Specifically, the Guidance makes clear that even “strict compliance” with its terms will not be a “safe harbor” and that failure to conduct a risk assessment will “rarely be considered reasonable.” These principles mirror the now well-established principles in the UK that apply to the UK offences of failure to prevent bribery under the UK Bribery Act 2010, and failure to prevent the facilitation of tax evasion under the UK Criminal Finances Act 2017.
Companies should consider the following proactive steps:

Determining whether they fall within the scope of the ECCTA’s fraud offense.
Identifying individuals who qualify as “associated persons.”
Conducting and documenting a comprehensive fraud risk assessment to determine whether the company’s internal controls adequately address potential fraudulent activity involving the company.
Ensuring due diligence procedures, as related to, for instance, external commercial partner engagements and other transactions, address the risk of fraud in those higher risk activities.
Reviewing and updating existing policies and procedures to address the risks of fraud.
Communicating the company’s requirements around preventing fraud and providing targeted training to employees and other associated persons, including subsidiaries and business partners, to make clear the company’s expectations around managing the risk of fraud. 
Establishing fraud related monitoring and audit protocols, including in relation to third party engagements, for ongoing oversight and periodic review.
Ensuring these policies and procedures are aligned with other financial crime prevention policies and procedures and relevant regulatory expectations.

The months ahead are a critical window to align internal policies and procedures not only with the UK’s elevated enforcement expectations as evidenced by the ECCTA and the Failure to Prevent Fraud offense, but also as bribery and corruption remain a mainstay priority for other foreign regulators. Companies should continue to prioritize the design, implementation, and assessment of their compliance internal controls. Companies with a well-designed and effective compliance program will be better equipped to adapt as regulatory landscapes shift and emerging risks develop, enabling companies to more efficiently respond to new enforcement trends.

European Commission Publishes the AI Continent Action Plan

On April 9, 2025, the European Commission published the AI Continent Action Plan (the “Action Plan”). The objective of the Action Plan is to strengthen artificial intelligence (“AI”) development and uptake in the EU, making the EU a global leader in AI. The Action Plan builds upon the InvestAI initiative that aims to mobilize €200 billion for investment in AI in the EU.
The Action Plan is divided into five strategic areas where the EU intends to intervene to foster its AI ambitions:

Computing infrastructure. Measures envisioned include setting up 13 AI Factories across the EU, five AI Gigafactories (powered by over 100,000 advanced AI processors) for which it will mobilize €20 billion from the InvestAI initiative, and proposing a Cloud and AI Development Act to boost private investment in the EU in cloud and data centers.
Data. The European Commission aims to fully realize the single market for data through the upcoming Data Union Strategy. This strategy intends to respond to the scarcity of robust and high-quality data for the training and validation of AI models. The European Commission will also implement data labs within AI factories to gather and organize high-quality data from diverse sources and continue supporting the deployment of Common European Data Spaces.
Foster innovation and accelerate AI adoption in strategic EU sectors. Measures to be implemented include adapting scientific research programs to boost development and deployment of AI/generative AI, and through the Apply AI Strategy, integrating AI in strategic sectors and boosting the use of this technology by the European industry.
Strengthen AI skills and talent. Measures to be implemented include facilitating international recruitment, supporting the increase in provision of EU bachelor’s and master’s degrees as well as PhDs focusing on key technologies, including AI, and promoting AI literacy in the current workforce.
Fostering regulatory compliance and simplification. Measures to be implemented in this context include creating an AI Act Service Desk through which organizations may request clarifications and obtain practical advice regarding their AI Act compliance. The European Commission will also continue its efforts with regards to providing AI Act guidance and launch a process to identify stakeholders’ regulatory challenges and inform possible further measures to facilitate compliance and possible simplification of the AI Act.

Read the AI Continent Action Plan.

CAA Taps Julie Zorn to Build a Family Office Powerhouse

Why is one of the world’s most influential talent agencies expanding from managing fame to managing wealth?
Creative Artists Agency (CAA) is entering the Family Office space with a new advisory division focused on ultra-high-net-worth clients. This is more than a service expansion-It reflects a shift in how CAA supports individuals at the center of culture and capital.
With the launch of its Global Family Office Advisory division, led by veteran adviser Julie Zorn, CAA is becoming a partner in long-term planning, legacy building, and wealth strategy.
A Generational Wealth Transfer Creates a Timely Opening
Cerulli reports that $124 trillion will pass from one generation to the next by 2048. Much of that wealth belongs to individuals who built fortunes through entrepreneurship and entertainment.
These clients are not just seeking investment results. They are focused on structure, values, and impact. CAA already plays a key role in their public lives. Now, it is helping them build systems to preserve wealth across generations.
An Experienced Leader Behind the Strategy
Julie Zorn brings over two decades of experience advising families on establishing and managing Family Offices. Her background includes senior roles at Citi and BMO Harris, where she designed governance frameworks, recruited leadership, and built long-range plans.
Her work helps clients create systems aligned with their goals to support long-term wealth. This includes governance, operations, team development, and leadership planning.
A Strategic Path Toward a Multi-Family Office Model
Most celebrity clients are not looking to build a Family Office from scratch. It is costly and complex. Yet, they want privacy, control, and tailored advice. A shared platform offers those benefits without the burden.
CAA is positioned to deliver this. With a trusted network and strong client insight, the firm could build a multi-family office model that is both efficient and personal.
A Natural Evolution of CAA’s Role
If successful, CAA will move beyond representation to become a long-term partner in how clients approach legacy and continuity.
This expansion raises the bar for advisors who have struggled to serve public wealth creators. CAA understands the balance between visibility and privacy, and the mindset of clients navigating influence and affluence.
A Broader Shift in How Wealth Is Managed
This reflects a broader change in how modern wealth holders want to be supported. Today’s clients seek partners who understand their goals and offer integrated solutions.
CAA is entering a space that has long lacked clarity. If it succeeds, it may reshape how the next generation of wealth creators approaches legacy.
CAA is making a long-term investment in its clients’ futures. No longer just guiding careers, the firm now helps build structures that last. For those managing wealth and visibility, that may be the most valuable role of all.

ESMA Releases Final Draft RTS and Guidelines on Liquidity Management

ESMA Guidelines and Final Draft RTS on Liquidity Management Tools of UCITS and Open-Ended AIFs
Pursuant to the revised Directive 2011/61/EU (AIFMD) and Directive 2009/65/EC (UCITS Directive), the European Securities and Markets Authority (ESMA) was tasked with developing guidelines on the selection and calibration of liquidity management tools (LMTs) and developing regulatory technical standards (RTS) to determine the characteristics of LMTs available to managers of alternative investment funds (AIFs) (AIFMs) and of undertakings for collective investment in transferable securities (UCITS) (UCITS ManCos). On the back of this mandate, ESMA published a consultation paper (CP) on the draft guidelines and RTS. 
The consultation period closed on 8 October 2024, with ESMA receiving 33 responses. Taking into account this stakeholder feedback, on 15 April 2025, ESMA published (i) its final report on the Guidelines on LMTs of UCITS and open-ended AIFs (the Guidelines) and (ii) its final report on the draft Regulatory Technical Standards on Liquidity Management Tools under the AIFMD and UCITS Directive. 
Final Report on Guidelines on LMTs of UCITS and Open-Ended AIFs
On the back of feedback received during the consultation, ESMA made a number of changes to the Guidelines, deleting several sections that were previously included in the CP and amending other sections to provide more flexibility to AIFMs and UCITS ManCos. The Guidelines were also streamlined to avoid any overlaps with the RTS and the text contained in the AIFMD and UCITS Directive. Notable deletions from the Guidelines include:

The guideline on governance principles, which previously stated that fund managers should develop an LMT policy which should document the conditions for the selection, activation and calibration of LMTs, and an LMT plan.

ESMA noted that the majority of stakeholder feedback highlighted that the LMT policy should be kept as an internal guidance document, and on the basis that the AIFMD and UCITS Directive already contain provisions mandating the implementation of policies and procedures for the activation and deactivation of LMTs and operational and administrative arrangements, ESMA deleted the sections of the Guidelines dedicated to the governance principles. 

The guideline on disclosure to investors, which mandated managers to provide disclosure to investors on the selection, activation and calibration of LMTs in the fund documentation, rules or instruments of incorporation, prospectus or periodic reports.

ESMA noted that notwithstanding the fact that the majority of stakeholders supported the principle of improving transparency to investors, they stressed the importance to strike the balance between appropriate disclosure, investor protection and unintended consequences. On the back of this, ESMA decided not to retain these sections of the Guidelines, but noted that managers should nonetheless be cognisant of the LMT disclosure obligations set down in the AIFMD and UCITS Directive for example, that a description of the AIF’s liquidity risk management shall be made available to investors by the AIFM. 

Certain other restrictive guidelines, including those that imposed more restrictive obligations on the selection, activation and calibration of LMTs, as it was noted that these guidelines limited the sole responsibility of the manager as prescribed by the AIFMD and UCITS Directive. 

In contrast, ESMA retained certain guidelines that had previously been pushed back on by stakeholders including the guideline whereby managers should consider, where appropriate, the merit of selecting at least one quantitative LMT and at least one anti-dilution tool. While retaining this guideline, ESMA stressed that it is without prejudice to the ultimate responsibility of the manager for the selection of LMTs, including, where appropriate, redemptions in kind. 
In light of the consultation feedback, ESMA noted that it has opted against a restrictive approach in the final Guidelines, instead emphasising the manager’s sole responsibility for selecting and implementing LMTs. 
Draft Regulatory Technical Standards on Liquidity Management Tools Under the AIFMD and UCITS Directive
As was the case with ESMA’s final report on the Guidelines, ESMA, on the back of feedback received from stakeholders, made a number of updates to the draft RTS, in particular to make several changes and clarifications with regard to redemption gates, and also to remove the requirement to apply the same rules to all share classes. 
Taking into account feedback from stakeholders, ESMA introduced flexibility in the way in which the activation threshold for redemption gates of AIFs can be expressed. The RTS for AIFs now stipulate that the thresholds can be expressed: (i) as a percentage of the net asset value (NAV) of the AIF, (ii) in a monetary value (or a combination of both), or (iii) as a percentage of liquid assets. For UCITS however, ESMA retained the existing language regarding activation thresholds in that they shall only be expressed as a percentage of the NAV of the UCITS. In addition to this, ESMA introduced an alternative method for the application of redemption gates for AIFs and UCITS under which redemption orders below or equal to a pre-determined redemption amount can be fully executed while redemption orders above this amount are subject to the redemption gate. This mechanism, ESMA explained, should serve to avoid small redemption orders being affected by large orders that drive the amount of redemptions above the activation threshold. 
In addition, the draft RTS previously included provisions requiring the same level of LMTs to be applied to all share classes, however, given that the mandate of the RTS did not support the development of specific and comprehensive application of LMTs to share classes, these provisions have been removed. 
Finally, stakeholder feedback alerted ESMA of the unintended consequences of the rules on redemption in kind for the functioning of the primary market of exchange-traded funds (ETFs). On the back of this, ESMA included a new provision in the UCITS RTS clarifying that the rule on pro-rata approach in the case of redemption in kind did not apply to authorised participants and market makers operating on the primary market of ETFs. 
What Comes Next?
In terms of next steps, the final draft RTS have been submitted to the European Commission (the EC) for adoption and the EC have three months (which can be extended by one further month), to make a decision. The Guidelines shall start to apply on the date of entry into force of the RTS. Funds that existed before the entry into force of the RTS shall have 12 months to comply with the Guidelines. 

Central Bank Fitness & Probity Consultation and Updates – April 2025

Following the 2024 independent review by Mr Andrea Enria (former Chair of the European Central Bank Supervisory Board) of the Central Bank of Ireland’s Fitness & Probity (F&P) assessment process, the Central Bank has published a report outlining the progress made on implementing Mr. Enria’s 12 recommendations and launched a consultation on proposed revisions it its F&P regime.
Report on Implementation of Recommendations
The report details the actions taken to date by the Central Bank to implement Mr. Enria’s recommendations across the review’s three areas of focus – (1) clarity of supervisory expectations; (2) internal governance of the process; and (3) fairness, efficiency and transparency of the process.
In response to the review’s finding that the Central Bank’s F&P standards were “fragmented across different documents and not user-friendly”, the Central Bank has proposed to update and consolidate the Central Bank’s guidance on the F&P standards into a single document.
The review also highlighted critical areas for improvement within the F&P gatekeeping process, including the need for enhanced seniority and independence in the final decision making stages. To address these gaps, the Central Bank has established a new F&P unit which has ownership of: (i) F&P gatekeeping assessment work with certain key responsibilities such as conducting assessment work across all F&P gatekeeping applications, (ii) approving F&P applications, and (iii) ensuring adherence to established process and progression of decisions in a timely manner. In addition, in cases of potential refusal, the F&P unit will now refer cases to a newly established ‘Gatekeeping Decisions Committee’ which is chaired by the Deputy Governor of Financial regulation within the Central Bank.
It was further noted that the Central Bank could make improvements to ensure that appropriate standards of fairness, efficiency and transparency are consistently achieved. To acknowledge this finding, the Central Bank has published an assessment process document which aims to codify and reflect the principle that regulatory assessments must be conducted with the utmost integrity and to ensure that applications are treated equitably.
Consultation Paper on Amendments to the Fitness and Probity Regime (CP160)
In addition to the report, the Central Bank published a consultation paper (CP160) in order to address the recommendations for increased clarity and transparency of supervisory expectations in relation to the application of the Central Bank’s F&P standards.
As part of this consultation, the Central Bank has sought feedback from stakeholders on the consolidation of and proposed enhancements to its existing guidance on the F&P standards, a draft of which is available on the Central Bank’s website (the Revised Guidance). With this Revised Guidance, the Central Bank aims to ensure industry understanding of the F&P assessment process by: (a) identifying and incorporating objective measures and role summaries for certain pre-approval controlled functions (PCFs); (b) including specific provisions on identifying, managing and mitigating conflicts of interest; (c) clarifying the way in which collective suitability and diversity within board and management teams are assessed; and (d) outlining the approach to be taken in determining the relevance of past events to an individual’s application.
The Central Bank further proposes to undertake a substantive review of PCF roles with a view to ensuring that the level of Central Bank gatekeeping is appropriate however, due to the fact that the list of PCF roles is embedded in the Senior Executive Accountability Regime Regulations, which is in its early stages of introduction, the Central Bank plans to defer this review to 2027. In the meantime however, the Central Bank has proposed to remove the sector specific categorisations so that there will be one list of PCFs applying to all regulated firms (other than Credit Unions).
Submissions to the consultation can be made via [email protected] until 10/07/2025.

The Lobby Shop: Reconciliation Reckoning [Podcast]

The Lobby Shop team turns their focus on the ongoing budget reconciliation process in Congress that will shape the Trump administration’s economic agenda. Hosts Josh Zive, Paul Nathanson and Liam Donovan provide a quick update on the latest tariff developments before diving into the reconciliation process and the shifting legislative dynamics between the House and the Senate. Then, Liam does a deep dive on how economic pressures are reshaping political strategy, and what it all means for government funding timelines and the looming debt ceiling. Tune in for a Liam-style breakdown of the often confusing reconciliation process in the next couple of weeks.

 

The Latest OFSI Property and Related Services Threat Assessment

The United Kingdom’s Office of Financial Sanctions Implementation (OFSI) has published a report detailing suspected breaches of UK financial sanctions involving UK property and related services firms since February 2022 and ongoing threats to sanctions compliance (the Assessment). 
Why Did OFSI Focus on Property and Related Services?
Under the United Kingdom’s financial sanctions regime, property is an “economic resource”. Individuals and entities designated by OFSI (DPs) are prohibited from using UK financial services to execute property transactions and may also be subject to asset freezes, which include economic resources such as property. 
Property and related services firms captured in the Assessment include UK firms and sole practitioners involved in the sale, maintenance or upkeep of properties. OFSI’s Assessment is a broad cross-sector assessment that considers a range of actors including: estate agents; letting agents; landlords; tenants; property managers; property investors; property developers; UK firms dealing with overseas properties; and overseas firms dealing with UK customers. 
OFSI confirmed that almost half of suspected breaches related to UK residential property owned or let by DPs. The remainder of suspected breaches were linked to UK commercial properties, investments into UK properties, the use of UK property firms by DPs to facilitate overseas business interests and client relationships, and the renewal or continuation of property-related contracts (including insurance) on behalf of or for the benefit of DPs.
OFSI’s Key Findings
The Assessment sets out five key findings relevant to UK property and related services firms from February 2022 to present. 
Underreporting of Breaches 
OFSI found it was almost certain that UK property and related services firms have underreported suspected breaches of financial sanctions to OFSI. OFSI also observed significant delays in the identification and reporting of suspected breaches.
Noncompliance With Licence Conditions
OFSI stated it was almost certain that DPs have breached UK financial sanctions by making or facilitating transactions for the benefit of their UK properties without or outside the scope of an OFSI licence or applicable exception (further information on OFSI licencing can be found here).
OFSI found that the vast majority of suspected breaches of licence conditions related to payments made by DPs or connected entities for the maintenance of UK properties.
Russian DPs and Their Enablers
OFSI identified the use of professional and nonprofessional “enablers” who assist DPs in concealing their beneficial ownership or control of UK properties. 
OFSI reports it was highly likely that property-related breaches of sanctions have been enabled by UK property firms facilitating the payment of household staff payments, council tax, utility bills, property maintenance services, letting services and more, without an applicable licence. This is particularly the case for small-scale property or related services firms or sole practitioners with high-risk appetites and longstanding relationships with DPs.
Family and Associates
OFSI found it was highly likely that DPs have used nonprofessional enablers, such as family and close associates, to frustrate UK financial sanctions by transferring ownership or control of property assets to family/associates to disguise beneficial ownership. Key giveaways are the use of family members of associates of DPs making payments for services relating to properties owned or controlled by a DP, e.g., through direct debits to settle insurance contracts, or for the maintenance of a property, or to pay for a subscription service at an address linked to a property. 
OFSI encourages all UK firms to report any suspicious changes to the ownership or control of property assets linked to a Russian DP, particularly when properties are considered super prime properties, i.e., at the top 5% end of the property market.
Professional Enablers
OFSI considered it was almost certain that UK property and related services firms have acted as professional enablers for DPs, thereby facilitating sanctions breaches. Since February 2022, most professional enabler activity includes concierge and personal security services, other property-management services, or lifestyle-management services. Without a relevant OFSI licence, these payments could breach UK financial sanctions.
OFSI recommends staying alert to changes in ownership or control of a DP’s property asset, particularly if it has been recently divested to a percentage below 50% to bypass the basic due diligence checks.
Intermediary Jurisdictions
The Assessment also encouraged vigilance when “red flags” arise in conjunction with an intermediary jurisdiction nexus (i.e., a jurisdiction other than the United Kingdom or the jurisdiction to which UK financial sanctions apply). The Assessment found that Russian DPs structured their financial interests through a number of intermediary jurisdictions, some of which offer greater privacy in legal and financial systems. OFSI reported that since 2022, 22% of suspected breaches involved actors in intermediary jurisdictions including: Austria, Azerbaijan, the British Virgin Islands, the Republic of Cyprus, Jersey, Guernsey, Luxembourg, Switzerland, Türkiye, the United Arab Emirates and the United States. 
Reporting
Property and related services are obliged to make Suspicious Activity Reports (SARs) to the National Crime Agency under Part 7 of the Proceeds of Crime Act 2002 and the Terrorism Act 2000 if money laundering or terrorist financing activities are known or suspected. Guidance on SARs is available here.
As of 14 May 2025, letting firms will join estate agents and other relevant firms in being required to report to OFSI if they know or have reasonable cause to suspect that a person is a DP or if a person has breached financial sanctions regulations, if the information or other matter on which the knowledge or cause for suspicion is based came to it in the course of carrying on its business. This applies regardless of the rental value of properties handled by letting agents and includes all forms of tenancies. 
Practical Steps
To ensure compliance with your reporting obligations, the following practical steps are advised:

Monitor and identify any red flags as indicated in the Assessment.
Update client due diligence beyond basic ID checks to check beneficial owners and connected parties.
Remind yourself of your specific reporting obligations under the Sanctions and Anti-Money Laundering Act 2018 by reading the guidance published by His Majesty’s Revenue and Customs.
Complete a tailored risk assessment incorporating the above findings.
Identify and comply with any applicable licence requirements.

Conclusion 
OFSI’s Assessment builds on previous and related publications issued by OFSI and UK government partners, including the Financial Services Threat Assessment published by OFSI in February 2025 (see our corresponding alert here) and the Legal Services Threat Assessment published by OFSI in April 2025 (see our corresponding alert here). 

CFPB Suggests Shift In Supervision and Enforcement Priorities

On April 16, the Consumer Financial Protection Bureau (CFPB) seemingly provided its employees with a memorandum outlining its ongoing supervisory and enforcement priorities (Memo).1 Although the Memo has not been made publicly available, its contents are consistent with what many in the consumer finance industry assumed would be adopted by the agency’s new leadership.
Importantly, the Memo assists entities subject to CFPB supervision and examination by detailing the areas of interest to CFPB leadership and making clear that there is no intention among such leadership to “pursue supervision under novel legal theories,” instead relying upon the agency’s statutory authority to supervise affected entities. While not fully transparent, it appears likely that this reference to “novel legal theories” is intended to convey to CFPB employees (and the market more broadly) that the agency will not use its statutory authority to designate “larger participants” for supervisory purposes as permitted under the Dodd-Frank Wall Street Reform and Consumer Protection Act. What is wholly unclear, however, is whether industries that have already been designated as “larger participants” by the agency, such as certain consumer reporting agencies, remain subject to ongoing supervision at this time. It also appears unlikely the agency will take on sweeping initiatives to expand its reach, such as how, in recent years, it sought to designate certain consumer leasing products as “credit” despite case law to the contrary.
Five Key Takeaways and Considerations from the CFPB Supervisory and Enforcement Memo
1. Supervisory exams
According to the Memo, such exams will decrease by 50 percent and will focus on “conciliation, correction and remediation of harms subject to consumers’ complaints.” While the Memo does not go into detail as to whether such “complaint drivers” will come from internal complaint tracking or the CFPB database2 that accepts complaints, we believe the focus will be on complaints posted by consumers to the agency database (and possibly, although less likely, to larger public databases like the Better Business Bureau complaint database).
Consumer financial providers should quickly review all of their associated complaints in the CFPB complaint database to ensure that such complaints have been appropriately addressed, with root causes determined and necessary responses performed.
It is also notable that, where consumer harm is found and penalties are assessed, the Memo makes clear that it will send any funds the CFPB obtains “directly to consumers, rather than imposing penalties on companies in order to simply fill the [agency’s] penalty fund.”
2. Insured depository institutions
The Memo suggests that the CFPB will “shift [its focus] back to depository institutions.” Importantly, the Dodd-Frank Act3 provides that the CFPB has supervisory authority over insured depository institutions with more than $10B in assets in connection with such institutions’ compliance with consumer financial protection laws.
Affected banks would be wise to use this time before the appointment of a permanent director of the CFPB (who will likely staff offices consistent with this and the other priorities in the Memo) to ensure that compliance mechanisms related to the provision of consumer financial products and services are appropriate, compliant and reflective of issues identified in recent consumer complaints.
3. Specific product foci
The Memo provides that residential mortgages are a strong priority, especially where there are “identifiable victims” who have suffered “measurable consumer damages” (emphasis in original). Residential mortgages have always been a significant priority regardless of presidential administration, and most residential mortgage loan originators likely have adequate compliance programs. However, a significant unknown is how the CFPB will treat newer consumer financial products offered in the residential mortgage space, like shared appreciation mortgages and home equity investment products. In addition, the Memo notes that violations of the Fair Credit Reporting Act (as it relates to data furnishing violations) and the Fair Debt Collection Practices Act (as it relates to consumer contracts and debts) will also be priorities.
4. Specific constituent foci
The Memo notes that service members and their families, as well as veterans, are included within its priorities. This requirement reflects an understanding of the Dodd-Frank Act’s specific provisions requiring such work and is consistent with the agency’s actions since its inception.4
5. Federalism/coordinated actions with states
The Memo clarifies that the CFPB will “deprioritize” participation in multistate exams except where statutorily required. Further, the Memo provides that the agency will “deprioritize supervision” where states have “ample regulatory and supervisory authority,” unless statutorily required. Importantly, under the Dodd-Frank Act, state attorneys general may “bring a civil action in the name of such State in any district court of the United States in that State or in State court that is located in that State and that has jurisdiction over the defendant, to enforce provisions of this title [the Consumer Financial Protection Act] or regulations issued under this title, and to secure remedies under provisions of this title or remedies otherwise provided under other law.”5 Given the statement in the Memo, it is highly likely that certain consumer financial protection laws not specifically identified therein, such as the Truth in Lending Act and the Electronic Funds Transfer Act, will be of minimal interest to agency officials (unless, of course, interest is driven into these areas based upon consumer complaint volume, as described above).
What’s Next
Like many aspects of compliance that are in a state of flux with the change in presidential administrations, it is also not clear that a permanent CFPB director will share and support the same supervisory and enforcement goals. Once a permanent director is in place (which is anticipated to occur sometime before mid-June based upon recent reports from Senate Banking Committee leadership6), it is likely that the priorities listed above will require revisiting.
1 Note that the materials relied upon by Katten for purposes of this advisory do not appear publicly on the CFPB’s website. However, the materials reviewed appear on CFPB letterhead and, as described herein, are consistent with public positions agency leadership has taken with respect to the nature of future agency activities in light of the recent presidential election.
2 The CFPB complaint database is available at: https://www.consumerfinance.gov/data-research/consumer-complaints/ (last reviewed April 17, 2025).
3 H.R.4173 – 111th Congress (2009-2010).
4 The Dodd-Frank Act (Section 1013(e)) specifically provides that the “Director shall establish an Office of Service Member Affairs, which shall be responsible for developing and implementing initiatives for service members and their families.”
5 12 U.S.C. § 5552(a)(1).
6 See https://www.americanbanker.com/news/senate-eyes-may-for-cfpb-nomination-vote-scott-says which describes Sen. Scott’s prediction regarding the timing of the confirmation of Jonathan McKernan as CFPB Director.

Congress Overturns IRS Reporting Rules for DeFi Platforms

President Trump has signed into law a bill that repeals Internal Revenue Service (IRS) regulations that required decentralized finance (DeFi) platforms to be treated as brokers for purposes of reporting customer transactions. The former regulations, finalized in December 2024 under the Biden administration, expanded the definition of “digital asset brokers,” to include certain participants that operate within the DeFi industry. Digital asset brokers are subject to tax reporting obligations similar to traditional financial intermediaries. Specifically, these brokers are required to issue IRS Form 1099-DA to both the IRS and their customers, detailing gross proceeds from digital asset transactions, as well as the name and address of each customer. Had the regulations remained in effect, DeFi brokers would have been subject to information reporting requirements for digital asset sales on or after Jan. 1, 2027.
The bill invoked the Congressional Review Act (CRA), a legislative tool allowing Congress to overturn recently enacted federal regulations, particularly those implemented late in an administration’s tenure.
Advocates of the repeal argued that the former regulations were overly burdensome and misaligned with the decentralized nature of DeFi platforms. They contended that forcing DeFi protocols, which often lack a centralized entity, to comply with broker reporting standards is technically infeasible. Critics of the regulations believed it would stifle innovation and push crypto enterprises offshore, undermining U.S. competitiveness in the digital asset sector. The repeal effort was led by Sen. Ted Cruz (R-TX) and Rep. Mike Carey (R-OH). 
Opponents of the repeal warned that removing these reporting requirements may create loopholes for tax evasion and illicit financial activities, including money laundering. The Congressional Budget Office, relying on estimates provided by the Joint Committee on Taxation, projected a $4.5 billion increase in the federal deficit through 2035 from passage of the resolution. Critics argued that repealing the rule may allow more cryptocurrency transactions to evade scrutiny, potentially exacerbating financial crimes.
The repeal highlights the growing political influence of the cryptocurrency industry and a broader shift in Washington’s regulatory stance toward digital assets. As the larger debate unfolds, lawmakers and industry leaders will need to navigate the challenges of fostering innovation while maintaining financial security and compliance in the evolving digital economy.