CFPB Withdraws Dozens of Guidance Documents as Part of Deregulatory Push
On May 12, the CFPB formally withdrew nearly 70 guidance materials—including policy statements, advisory opinions, circulars, and interpretive rules—through a Federal Register notice issued by Acting Director Russell Vought. The move stems from an internal memo circulated last month to identify guidance that allegedly imposed unlawful compliance burdens or exceeded statutory authority.
According to the notice, the rescinded documents include guidance dating back to 2011 and cover a wide range of topics. The CFPB cited three primary reasons for the withdrawal: reducing unwarranted compliance burdens, minimizing regulatory overlap with other agencies, and eliminating guidance that allegedly exceeded statutory or regulatory requirements.
The withdrawn guidance spans a wide range of substantive areas, including a 2024 interpretive rule applying Regulation Z to buy now, pay later (BNPL) products; a 2020 advisory opinion addressing the Truth in Lending Act’s application to earned wage access products, and a 2024 advisory opinion asserting UDAAP liability for deceptive or unfair medical debt collection practices, among others.
The notice also emphasized that although the withdrawal is effective immediately, it is not necessarily final. The Bureau may reissue select guidance in the future, but only if deemed necessary or reduces, compliance burdens. In the meantime, the CFPB will not enforce or rely on the withdrawn documents.
Putting It Into Practice: The CFPB’s decision to withdraw dozens of guidance documents continues the broader effort to scale back the agency’s regulatory authority. While the CFPB is rescinding this guidance, potential UDAAP violations, EWA practices, and other issues remain subject to enforcement by other federal and state regulators (previously discussed here and here).
Listen to this post
CFPB Director Nominee to Move to Treasury Finance Role
On May 9, the U.S. Department of the Treasury announced that President Trump intends to nominate Jonathan McKernan to serve as the Undersecretary of Domestic Finance. McKernan had been awaiting Senate confirmation to lead the CFPB, but the White House confirmed his nomination will be rescinded as the administration continues to pursue structural change to the Bureau.
As Undersecretary of Domestic Finance, McKernan would oversee federal fiscal policy, manage public debt, and coordinate regulatory initiatives involving financial institutions and markets. His reassignment leaves acting CFPB Director Russell Vought in charge of the Bureau until a new nominee is named.
Putting It Into Practice: McKernan’s reassignment leaves a big question mark on the Bureau’s future. While the Trump administration look to bring forth a new nominee? Or will Vought remain as Acting Director until its fate is decided by the courts. We will continue to monitor the situation for further developments.
Listen to this post
President Trump Signs Resolution Nullifying CFPB Overdraft Fee Rule
On May 9, President Trump signed a Congressional Review Act resolution repealing the CFPB’s final rule restricting overdraft fees at large financial institutions. The rule, originally finalized under the Biden administration, would have imposed new limits on overdraft fees charged by banks with over $10 billion in assets.
The repealed rule, which was set to take effect on October 1, 2025, would have capped overdraft fees at $5 unless banks could demonstrate actual cost justification or treat overdraft coverage as a credit product under the Truth in Lending Act.
Putting It Into Practice: The CFPB’s overdraft rule is now void, and the Bureau is barred from issuing a substantially similar regulation in the future under the Congressional Review Act. While large depository institutions are no longer subject to federal overdraft fee caps, they should remain attentive to state-level regulatory activity concerning fees.
Listen to this post
OCC Confirms Banks Authority to Offer Crypto Custody and Execution Services
On May 7, the OCC issued Interpretive Letter 1184, reaffirming that national banks and federal savings associations may provide cryptocurrency custody and execution services, including through sub-custodians. The OCC confirmed that these activities are permissible under existing banking authority so long as banks comply with applicable law and engage in safe and sound practices.
The letter builds upon earlier OCC guidance, including Interpretive Letters 1170 and 1183. Specifically, the OCC clarified the following:
Execution of crypto trades at customer direction is permissible. Banks may buy and sell crypto-assets held in custody or on behalf of customers, so long as the transactions are executed at the customer’s direction and in accordance with the customer agreement.
Outsourcing to third parties is allowed with appropriate oversight. Banks may engage sub-custodians and outsource custody or execution functions, provided they maintain robust third-party oversight practices and ensure proper internal controls are in place.
Crypto custody remains a modern extension of traditional bank custodial services. The OCC reiterated its position that holding crypto-assets is functionally similar to traditional custody services, which fall within banks’ statutory authority.
Fiduciary activities must follow applicable regulations. When acting in a fiduciary capacity, national banks must comply with 12 C.F.R. Part 9 or Part 150 for federal savings associations, including rules on the custody and control of fiduciary assets.
Putting It Into Practice: The OCC’s latest guidance offers banks further regulatory clarity in connection with crypto-related services (previously discussed here and here). Banks considering entry into the digital asset space should track these regulatory shifts closely and ensure their compliance, risk management, and third-party oversight frameworks are equipped to support crypto operations.
DOJ Criminal Division Updates (Part 2): Department of Justice Updates its Corporate Criminal Whistleblower Awards Pilot Program
On August 1, 2024, the Department of Justice’s (DOJ) Criminal Division launched a three-year Corporate Whistleblower Awards Pilot Program (the “Pilot Program”). (See Part 1 and Part 3 of this series for more information.) The Pilot Program marked a significant effort by the DOJ to enhance its ability to fight corporate and white collar crime by enlisting whistleblowers to aid in the effort. On May 12, 2025, the DOJ released updated guidance (the “Updated Guidance”) related to the Pilot Program in order to reflect the updated enforcement priorities and policies of the administration under President Trump, also announced on May 12, 2025. In this article, we provide an overview of the Pilot Program and lay out the recent changes to the guidance.
Overview of the Pilot Program
As originally announced in August 2024, the Pilot Program allowed for financial recovery for whistleblowers who provided successful tips relating to “possible violations of law” for four categories of crimes: (1) foreign corruption and bribery, (2) financial institution crimes, (3) domestic corporate corruption, and (4) health care fraud involving private insurance plans.
Eligibility & Key Terms
To be eligible, potential whistleblowers must meet the following criteria:
Financial Threshold. To qualify under the Pilot Program, the information provided must lead to a successful forfeiture exceeding $1 million.
Originality. The information provided by the whistleblower must be based on the individual’s independent knowledge and cannot be already known to the DOJ. Information obtained through privileged communications is excluded from the DOJ consideration.
Lack of “Meaningful Participation” in the Reported Criminal Activity. A whistleblower is ineligible for an award if they “meaningfully participated” in the activity they are reporting. Pilot Program guidance provides that an individual who was “directing, planning, initiating, or knowingly profiting from” the criminal conduct reported is not eligible. Conversely, someone who was involved in the scheme in such a minimal role that they could be “described as plainly among the least culpable of those involved” would be able to recover an award under the Pilot Program.
Truthful and Complete Information. To qualify for an award, a whistleblower must provide all information of which they have knowledge, including any misconduct they may have participated in. If a whistleblower withholds information, they are ineligible to recover an award under the Pilot Program. This requirement includes full cooperation with the DOJ in any investigation, including providing truthful testimony during interviews, before a grand jury, and at trial or any other court proceedings and producing all documents, records, and other relevant evidence.
Award Structure
If eligible, a whistleblower may be entitled to a discretionary award of up to 30% of the first $100 million in net proceeds forfeited and up to 5% of the next $100–$500 million in net proceeds forfeited. Under relevant criminal forfeiture statutes, proceeds are forfeitable only if they are derived from or substantially involved in commission of an offense. In this way, net proceeds forfeited may be less than actual loss.
Unlike other similar whistleblower programs, any award pursuant to the Pilot Program is fully discretionary — there is no guaranteed minimum amount that a whistleblower will recover. In determining whether a whistleblower will receive an award, it will consider whether the information provided was specific, credible, and timely and also whether the information significantly contributed to forfeiture. The DOJ also assesses the whistleblower’s level of assistance and cooperation throughout the investigation.
Corporate Self-Disclosure
The Pilot Program gives companies a 120-day window to self-disclose information related to an internal whistleblower report. Companies choosing to self-disclose “misconduct” covered by the Pilot Program within the allotted 120-day window will remain eligible for a presumption of declination (i.e., no prosecution) under the Corporate Enforcement and Voluntary Self-Disclosure Policy, which also was updated as announced on May 12, 2025 (the “Self-Disclosure Policy”). This 120-day window applies even if the whistleblower has already reported misconduct to the DOJ.
Companies choosing to self-disclose also must meet the other requirements of the Self-Disclosure Policy to qualify for a presumption of declination. In addition to a timely self-disclosure, companies must cooperate fully with the investigation, identify responsible individuals, remediate all harms, and disgorge ill-gotten gains.
Changes in the May 2025 Updated Guidance
The Updated Guidance reaffirms the DOJ’s commitment to the Pilot Program and does not change that the program will run for three years unless otherwise announced. The majority of the specifics of the Pilot Program remain unchanged, including the requirements for whistleblower eligibility, the self-disclosure policy, and the amount that whistleblowers stand to gain.
The primary update is a change to the subject matter to which a whistleblower’s report must pertain in order to be eligible for recovery. Under the Pilot Program as initially announced, information provided by a whistleblower must have related to the following substantive areas:
Violations by financial institutions such as money laundering, failure to comply with anti-money laundering compliance requirements, and fraud against or non-compliance with financial institution regulators.
Violations related to foreign corruption and bribery, including violations of the Foreign Corrupt Practices Act, money laundering statutes, and the Foreign Extortion Prevention Act.
Violations related to the payment of bribes or kickbacks to domestic public officials.
Violations related to federal health care offenses involving private or non-public health care benefit programs, where the overwhelming majority of claims were submitted to private or other non-public health care benefit programs.
Violations related to fraud against patients, investors, or other non-governmental entities in the health care industry, where these entities experienced the overwhelming majority of the actual or intended loss.
Any other federal violations involving conduct related to health care not covered by the federal False Claims Act (FCA).
In its Updated Guidance, the DOJ removes certain language from these categories thus broadening the substantive reach of the Pilot Program:
Removes the requirement that violations related to federal health care offenses involve “private or non-public” health care benefit programs.
Removes the requirement that the overwhelming majority of claims for federal health care offenses were submitted to private or other non-public health care benefit programs.
Removes the requirement that patients, investors, or other non-governmental entities experience the overwhelming majority of actual or intended loss.
Removes entirely the qualifying category for reports involving health care-related violations not covered by the FCA.
Consistent with the Trump administration’s focus on tariffs, immigration, and cartels, among other enforcement priorities, the DOJ adds priority subject-matter areas that now qualify for a potential whistleblower award:
Violations related to fraud against, or deception of, the United States in connection with federally funded contracting or federal funding that does not involve health care or illegal health care kickbacks.
Violations related to trade, tariff, and customs fraud.
Violations related to federal immigration law.
Violations related to corporate sanctions offenses.
Violations related to international cartels or transnational criminal organizations, including money laundering, narcotics, and Controlled Substance Act violations.
Concurrently with its Updated Guidance, the DOJ issued a memorandum entitled “Focus, Fairness, and Efficiency in the Fight Against White-Collar Crime.” This memo clearly lays out the priorities of the DOJ’s Criminal Division under the Trump administration, including but not limited to “trade and customs fraud,” “conduct that threatens the country’s national security,” and combatting “foreign terrorist organizations” such as “recently designated Cartels and [Transnational Criminal Organizations].” The DOJ stated that amendments to the Pilot Program were intended to “demonstrate the Division’s focus on these priority areas.” The changes in the Updated Guidance closely track the stated priority areas, and they reflect that while the Pilot Program will continue, its focus may shift to reflect the additional goals of the Trump administration.
Recommendations for Minimizing Risk Under the Pilot Program
While the recent changes to the Pilot Program broaden the scope of potential whistleblower reports and may implicate companies in industries that were previously not likely to be subject to the program, the substantive best practices for minimizing risk of a whistleblower seeking to take advantage of the Pilot Program remain the same, even with the Updated Guidance. Companies therefore should take this opportunity to review and update their whistleblower response policies to ensure they are clear, being followed, and effective.
Have a preexisting compliance program that encompasses all relevant subject-matter areas. Given the 120-day window to self-disclose under the Pilot Program, companies must be able to undertake complete internal investigations on a short timeline. Companies should ensure they have strong and robust internal reporting structures for misconduct of any type and that they are prepared to promptly investigate any alleged misconduct. Companies should protect the confidentiality of whistleblowers, not retaliate, and not impede whistleblowers from reporting potential violations to the government. To the extent that a company’s compliance program defines potential “misconduct” more narrowly than the Pilot Program, those companies should consider expanding the scope of their compliance function to ensure all potential violations of criminal law are thoroughly investigated.
Conduct internal investigations under privilege. The Pilot Program provides that information is not “original” if the whistleblower obtained it through a communication subject to the attorney-client privilege. It also disqualifies potential whistleblowers if they learned the information in connection with the company’s process for identifying, reporting, and addressing potential violations of law. Therefore, it is essential for companies to preserve privilege while conducting internal investigations. In-house or outside counsel should guide the investigation, and the scope and purpose of the investigation should be documented in writing. Companies should be careful with the extent to which they involve non-attorneys in the investigation (if at all) and should ensure the investigation is being led by attorneys and for the purpose of obtaining attorney advice.
Consider self-disclosure where appropriate. If a company chooses to self-disclose potential misconduct within the 120-day period provided by the Pilot Program, the company is entitled to a presumption of declination under the Self-Disclosure Policy. Where there is any question regarding whether a company has uncovered “misconduct,” this presumption may put a thumb on the scale for self-disclosing, although note that the program also requires companies to cooperate throughout the ensuing government investigation.
Be aware of pre-existing self-disclosure requirements. In combatting the eligibility of potential whistleblowers, companies should consider whether they have any existing requirement to self-disclose. This may come from requirements imposed on all federal grant recipients. It could stem from serving as a government contractor, where such contractors are already required to disclose evidence of potential violations of federal criminal law. The obligation to self-disclose may also come from a corporate integrity agreement in place following a prior FCA settlement. If any of these scenarios apply, it is less likely that a potential whistleblower will be deemed to have come forward voluntarily with original information, and there may be an argument that they therefore do not qualify for an award under the Pilot Program.
Lori Rubin Garber also contributed to this article.
DOJ Criminal Division Updates (Part 3): New Reasons for Companies to Self-Disclose Criminal Conduct
On May 12, 2025, the U.S. Department of Justice (DOJ) announced revisions to its Criminal Division Corporate Enforcement and Voluntary Self-Disclosure Policy (CEP). (See Part 1 and Part 2 of this series for more information.) As a part of the new administration’s priorities and policies for prosecuting corporate and white collar crimes, the head of the Criminal Division directed the Fraud Section and Money Laundering and Asset Recovery Section to revise the CEP and clarify that additional benefits are available to companies that self-disclose and cooperate.[1]
The CEP encourages companies to self-disclose misconduct, fully cooperate with investigations, and remediate issues — and, in turn, potentially reduce their criminal exposure. Though the scope and criteria for compliance with the CEP have evolved since it was announced in 2016, a constant has been the presumption of declination for a company in compliance. This amorphous “presumption” has long drawn complaints from practitioners and companies, due to its lack of certainty in outcomes — especially weighed against the often-extensive investigations and work corporations do to comply with the policy.
The latest revision to the CEP seeks to address complaints about the lack of certainty by providing specific conditions to companies considering voluntary self-disclosure and a pathway to guaranteed declination. The revised CEP also establishes significant benefits for companies that may not meet the requisite declination requirements but fall into other categories. Understanding the nuances of the revised CEP is crucial for companies to ensure they are well positioned to benefit from the revised CEP, should a company find itself in a position to self-disclose misconduct. The key aspects of the May 2025 Revised CEP are as follows:
Declination of Prosecution
Four conditions must be met for DOJ to decline criminal prosecution of company:
Voluntary Self-Disclosure. The company must have proactively and promptly reported unknown misconduct to the Criminal Division, without having an obligation to do so and without an imminent threat of disclosure or government investigation.
Full Cooperation. The company must have “fully cooperated” throughout the investigation process by, among other things, timely disclosing and voluntarily preserving relevant documents and information as well as making company officers and employees who possess relevant information available for interviews by prosecutors and investigators.
Timely and Appropriate Remediation. The company must have taken prompt and effective corrective actions, including investigating underlying conduct and root causes, appropriately disciplining wrong-doers, and implementing an effective compliance and ethics program to reduce future risks.
No Aggravating Circumstances. There should be no significant aggravating factors related to the misconduct, such as its severity, scope, or repeated occurrence, nor recent criminal adjudications for similar offenses.
Near Miss Cases: Voluntary Self-Disclosures with Aggravating Factors
The revised CEP also creates a middle ground for companies that self-report in good faith but do not meet all other voluntary self-disclosure requirements. In these “near miss” situations, the DOJ may offer a Non-Prosecution Agreement (NPA), which typically provides the following benefits:
A term length of fewer than three years.
No requirement for an independent compliance monitor.
A 75% reduction off the low end of the U.S. Sentencing Guidelines fine range.
Resolutions in Other Cases
The revised CEP also outlines a third route to resolution: If a company’s situation does not qualify for a declination or an NPA, prosecutors still have discretion to determine the appropriate resolution. This includes the imposition of penalties, term lengths, compliance obligations, and monetary fines. Prosecutors typically will apply a reduction from the low end of the fine range for non-recidivist companies that have fully cooperated and remediated the misconduct.
Why This Matters
DOJ’s message through the revised CEP is clear: Do the right thing and you will be rewarded.
A company’s timely and effective voluntary remediation and self-disclosure can now result in guaranteed declination of criminal prosecution, if the company complies with the steps laid out in the revised CEP. Companies should keep these benefits in mind not only when faced with a decision point regarding self-disclosure of misconduct but also as they proactively evaluate the effectiveness of their compliance programs and whether they are adequately resourced. Foley is here to help with your compliance and internal investigations needs, as well as counsel you through evaluating self-disclosure under the revised CEP.
[1] See Foley blog post on May 12, 2025 Criminal Division White Collar Enforcement Plan Memo.
CFPB Rescinding the 2021 COVID-19 Mortgage Servicing Final Rule
On May 15, 2025, the Consumer Financial Protection Bureau (CFPB) filed an interim final rule in the Federal Register that will rescind its prior 2021 COVID-19 mortgage servicing final rule. The interim final rule is set for publication in the Federal Register on May 16, 2025, and would become effective 60 days after publication. Comments will be accepted for 30 days after publication.
As a refresher, the 2021 COVID-19 final rule added the following to Regulation X:
Temporary enhanced early intervention live contact requirements;
Temporary “procedural safeguards” that had to be satisfied before making the first notice or filing to initiate foreclosure; and
An exception to the anti-evasion provision that allows “[c]ertain COVID-19-related loan modification options” to be offered to a borrower based upon an evaluation of an incomplete loss mitigation application.
The CFPB’s stated rationale for rescinding the 2021 COVID-19 final rule is twofold. First, it explains that much of the 2021 final rule was intended to be temporary. For example, the enhanced early intervention live contact requirements contained an expiration date of October 1, 2022. Similarly, the procedural safeguards only applied to first notices or filings made prior to January 1, 2022. Therefore, those provisions “have been sunset by their own terms, and . . . [t]hus, borrowers and servicers are no longer utilizing these safeguards.” Furthermore, as these were COVID-19-related protections added to the law, the CFPB notes that former President Biden formally ended the COVID-19 national emergency when he signed a joint resolution of Congress on April 10, 2023.
With respect to the anti-evasion exception for certain loan modification options, the CFPB notes that it has already proposed a rule that would provide servicers with flexibility to offer loss mitigation options more freely. “As part of the revised framework, the proposal would have removed the provisions implemented in response to the COVID-19 pandemic, and the Bureau did not receive public comments on the proposed removal of those provisions.”
The second reason for this interim final rule is, as the CFPB explains, that “it is the policy of the Bureau to streamline regulatory requirements to reduce burdens on the American public. The Bureau has determined that, in light of the end of the COVID-19 pandemic, these regulations needlessly complicate Regulation X without commensurate benefits.”
Takeaways and Observations
The CFPB’s decision to rescind the enhanced early intervention live contact requirements and the foreclosure procedural safeguards is almost certainly inconsequential, as those provisions have sunset and no longer have any effect. However, in our opinion, the CFPB is understating the impact of rescinding the anti-evasion exception for some loan modifications. While that provision was enacted in response to COVID-19 and the pandemic is over, the wording chosen by the CFPB in the 2021 final rule was intentionally (albeit subtly) broader in scope and has allowed servicers to continue offering certain loan modification options in a streamlined fashion (i.e., without having to receive a complete loss mitigation application). Therefore, rescinding that provision and only providing servicers with 60 days to change internal processes is going to be a significant challenge.
In that regard, it is noteworthy that the Section 1022 analysis portion of the interim final rule states that “[t]his rule does not impose any costs to consumers or covered persons or have any direct impact on consumers’ access to consumer financial products or services.” To the contrary, this rule is likely to impose implementation costs on servicers and will reduce consumers’ access to loan modification options. That is certainly relevant when thinking about the cost-benefit analysis associated with this rulemaking.
It is also notable that this interim final rule does not rescind the anti-evasion exception for COVID-19-related deferral and partial claim loss mitigation options in 1024.41(c)(2)(v). That exception was separately enacted as a part of the CFPB’s June 30, 2020, interim final rule, and so we will be watching to see whether the CFPB takes separate action to rescind that provision in the future since it also deals with COVID-19.
In sum, while the CFPB arguably suggests that this interim final rule is uncontroversial and will have minimal impact that is very likely not the case. Servicers should immediately consider the impact of this interim final rule on their internal processes and consider whether to submit comments to the CFPB and/or begin making necessary changes to their business.
Listen to this post
Increased Clarity for White-Collar Clients: The Department of Justice Unveils its Revised Corporate Self-Disclosure Policy
What should U.S. businesses take from the Department of Justice’s (“DOJ”) revisions to its Corporate Enforcement and Voluntary Self-Disclosure Policy (“CEP”)? While DOJ has long promoted self-disclosure of wrongdoing as a key way to obtain leniency, DOJ’s revised policy states clearly and unequivocally that self-disclosure will lead to non-prosecution in certain circumstances.
On May 12, 2025, the Criminal Division released a memorandum detailing the new administration’s goals for prosecuting corporate and white-collar crimes. The memorandum sets forth the government’s view that “overbroad and unchecked corporate and white-collar enforcement burdens U.S. businesses and harms U.S. interests,” and directs federal prosecutors to scrutinize all their investigations to avoid overreach that deters innovation by U.S. businesses. Matthew R. Galeotti, Chief of the DOJ Criminal Division, recently underscored these sentiments on May 12, 2025, at SIFMA’s Anti-Money Laundering and Financial Crimes Conference, stating that under the revised CEP, companies can avoid “burdensome, years-long investigations that inevitably end in a resolution process in which the company feels it must accept the fate the Department has ultimately decided.”
Companies that self-disclose possible misconduct and fully cooperate with the government will not be required to enter into a criminal resolution with the DOJ. Galeotti said that under CEP’s “easy-to-follow” flow chart, companies that (1) voluntarily self-disclose to the Criminal Division (2) fully cooperate, (3) timely and appropriately remediate, and (4) have no aggravating circumstances “will receive a declination, not just a presumption of a declination.” The revised CEP allows that even a company that self-discloses in good faith after the government becomes aware of the misconduct may still be eligible to receive a non-prosecution agreement with a term of fewer than three years, 75% reduction of the criminal fine, and no corporate monitorship.
To be sure, this does not mean that U.S. companies should use these policy changes as an opportunity to take unnecessary risks without fear of prosecution. Indeed, DOJ’s main priority is to prosecute individuals, including executives, officers, or employees of companies, and will “investigate these individual wrongdoers relentlessly to hold them accountable.” Although it remains to be seen how the government will implement its new guidelines, the revised enforcement policy is helpful to U.S. businesses, white-collar clients, and their advisors, who have long hoped for heightened transparency and clearer guidelines for potential outcomes under the DOJ’s corporate self-disclosure program.
Think Compliance Got Easier? Think Again—DOJ’s New Era in White-Collar Enforcement
Many have speculated as to how white-collar enforcement may change during President Trump’s second term. A recent memorandum by the Head of the Department of Justice’s (“Department”) Criminal Division, Matthew R. Galeotti, sheds light on that issue. Specifically, on May 12, Galeotti issued a memorandum—“Focus, Fairness, and Efficiency in the Fight Against White-Collar Crime” (the “Galeotti Memorandum”). Galeotti covers a number of topics in the memorandum, including the “three core tenets” that the Criminal Division will follow when prosecuting white-collar matters. Those tenets are: “(1) focus; (2) fairness; and (3) efficiency.” We will cover each of those pillars in three posts this week. This post delves into the first tenet—focus.
As an initial matter, the Galeotti Memorandum affirms the Department’s commitment to “do justice, uphold the rule of law, protect the American public, and vindicate victims’ rights.” He emphasizes the “significant threat to U.S. interests” that white-collar crime poses. Galeotti explains that the Department is adopting a “targeted and efficient” approach to white collar cases that “does not allow overbroad enforcement to harm legitimate business interests.” Galeotti further cautioned that governmental overreach “punishes risk-taking and hinders innovation.”
Under the focus prong, the Galeotti Memorandum directs prosecutors to concentrate on issues that pose a “significant threat to US interests.” Galeotti first walks through the harms stemming from white-collar crime, including:
The exploitation of governmental programs, including health care fraud and defense spending fraud;
The targeting of U.S. investors or actions that otherwise undermining market integrity, such as elder fraud, investment fraud, and Ponzi schemes;
The targeting of monetary systems that compromise “economic development and innovation;”
Threats to the American economy and national security; and
The corruption of the American financial system.
In light of those harms, Galeotii identifies the following priority areas for the Criminal Division:
Health care fraud and other waste, fraud, and abuse;
Trade and customs fraud;
Elder fraud, securities fraud, and other fraud facilitated by variable interest entities;
Complex money laundering, including “Chinese Money Laundering Organizations;”
Fraud targeting “U.S. investors, individuals, and markets;”
Crimes that compromise national security;
Corporate support of “foreign terrorist organizations;”
Crimes implicating “the Controlled Substances Act and the Federal Food, Drug, and Cosmetic Act;”
Money laundering and bribery implicating “U.S. national interests,” “national security,” competition, and the benefit of “foreign corrupt officials;” and
Criminal conduct that involves “digital assets that victimize investors and consumers,” use those assets to further “other criminal conduct,” and “willful violations that facilitate significant criminal activity.”
In addition, the Department will focus on identifying and seizing the proceeds of crimes included in the list above and using those proceeds “to compensate victims.” Prosecutors will also prioritize crimes “involving senior-level personnel or other culpable actors, demonstrable loss,” and obstruction of justice.
The Department is also expanding its Corporate Whistleblower Awards Pilot Program to prioritize tips that result in forfeiture in areas such as:
Conduct involving “international cartels or transnational criminal organizations;”,
Federal immigration law violations;
Conduct “involving material support of terrorism;”
“Corporate sanctions offenses;”
Corporate conduct involving “[t]rade, tariff, and customs fraud;” and
Procurement fraud by corporations.
As noted above, we will delve into the other two prongs of the Galeotti Memorandum—fairness and efficiency—in two, follow-up posts. The first prong makes clear, however, that the Department is still focused on white collar crime—particularly in the health care industry.
A New Enforcement Blueprint: How the Department of Justice Is Re-Shaping Its Approach to Digital Assets, Anti-Money Laundering, and Financial Crime
The Department of Justice (“DOJ”) has launched an ambitious realignment of its financial crime strategy, issuing two key policy pronouncements during spring 2025. Taken together, Deputy Attorney General Todd Blanche’s April 7 Memorandum, Ending Regulation by Prosecution, and Criminal Division Chief Matthew R. Galeotti’s May 12 remarks at Securities Industry and Financial Markets Association’s (“SIFMA”) Anti-Money Laundering and Financial Crimes Conference announce a coordinated, top-down course correction that will reverberate across the digital-asset ecosystem and the broader financial sector. The initiatives narrow the DOJ’s focus to the most pernicious threats—particularly investor fraud, terrorism, fentanyl and narcotics trafficking, organized crime, and sanctions evasion—while simultaneously dialing back “regulation by prosecution” of lawful market participants. At the same time, the DOJ continues to offer incentives for voluntary self-disclosure and cooperation, streamlining the use of corporate monitors, and reinforcing the centrality of robust compliance programs.
1. April 7 Memorandum: From “Regulation by Prosecution” to Targeted Digital-Asset Enforcement
The April 7 Memorandum signals a departure from the prior administration’s approach, which often sought to graft traditional securities or commodities frameworks onto novel blockchain technology through criminal indictments. Emphasizing that “the Justice Department is not a digital assets regulator,” Deputy Attorney General Blanche instructed prosecutors to discontinue cases whose “principal effect” is to impose licensing or registration regimes on technology providers. In practice, this means:
Dropping charges premised on non-willful violations of money-transmission, Bank Secrecy Act (“BSA”), securities-registration, broker-dealer, or Commodity Exchange Act provisions.
Avoiding litigation over whether a digital token is a “security” or “commodity” when classic Title 18 offenses—wire fraud, mail fraud, money laundering—will suffice.
Shuttering the National Cryptocurrency Enforcement Team and reallocating those resources to United States Attorneys’ Offices pursuing higher-priority crimes.
What remains squarely in prosecutors’ crosshairs are cases in which individuals (i) steal or misappropriate customer assets, (ii) perpetrate investment frauds such as “rug pulls,” or (iii) deploy digital assets to facilitate other felonies. In line with clear priorities expressed by this administration, the policy expressly cites cartels, human smuggling networks, fentanyl suppliers, foreign terrorist organizations, and sanctions-evading regimes as prime targets.
2. May 12 Remarks: A Re-Imagined Anti-Money Laundering and Fraud Framework
Echoing the April 7 Memorandum’s investor-and-national-security focus, Matthew R. Galeotti, Head of the Justice Department’s Criminal Division, unveiled a an updated Corporate Enforcement and Voluntary Self-Disclosure Policy devoted to “the most urgent threats to our country, our citizens, and our economy.” Key features include:
Clarity and Carrots for Self-Disclosure. The Criminal Division’s revised Corporate Enforcement and Voluntary Self-Disclosure Policy now provides an automatic declination—rather than a mere presumption—for companies that (a) voluntarily self-report, (b) fully cooperate, (c) remediate promptly, and (d) have a case that lacks aggravating circumstances. Even when aggravating factors exist or the DOJ learns of misconduct first, a self-disclosing entity can still expect substantially reduced penalties, lighter terms, and no monitor.
Right-Sizing Monitorships. A new monitor selection protocol imposes fee caps, budget approvals, and biannual tri-partite meetings to ensure that the “benefits of the monitor outweigh its costs.” DOJ is reviewing existing monitorships for narrowing or early termination.
Enhanced Whistleblower Incentives. Qualifying whistleblowers whose information leads to forfeitures in priority areas—including sanctions evasion, cartel finance, and immigration-related fraud—may qualify for cash awards.
Collectively, these revisions aim to shorten investigative timelines, encourage early cooperation, and re-deploy prosecutorial bandwidth toward the highest-impact cases.
3. Compliance Expectations in the Digital Asset Arena
Although the DOJ’s rhetoric is conciliatory toward law-abiding innovators, the underlying statutory framework has not changed. Bank Secrecy Act (“BSA”)/anti-money laundering (“AML”) obligations, Office of Foreign Assets Control (“OFAC”) sanctions, and state consumer-protection statutes remain fully enforceable—and future administrations could revive aggressive federal prosecutions within the statutes of limitation. Consequently, digital asset exchanges, custodians, wallet providers, and related service firms should:
Maintain rigorous Know-Your-Customer (“KYC”) onboarding, ongoing customer due diligence, and transaction monitoring.
Implement blockchain-analytics solutions capable of tracing on-chain movements and generating actionable red-flag alerts.
Document decision-making around token listings, protocol upgrades, and smart contract deployments to demonstrate the absence of scienter if a regulatory violation is alleged.
Preserve detailed audit trails to facilitate rapid, credible cooperation should misconduct surface internally or via subpoena.
A strong compliance posture not only hedges against future prosecutorial pendulum swings but also positions a company to avail itself of the DOJ’s newly generous self-disclosure regime.
4. April 7 Memorandum: Digital Assets and Cartels
The April 7 Memorandum explicitly links digital-asset enforcement to the fight against cartels and transnational criminal organizations (“TCOs”). Executive Order 14157’s “total elimination” directive designates cartels as Foreign Terrorist Organizations and Specially Designated Global Terrorists, giving prosecutors expanded authorities to pursue their financial facilitators. The DOJ has identified several converging trends:
Cartel Finance and Money Laundering. Mexican and Central American cartels increasingly accept bitcoin, stablecoins, and privacy-enhanced tokens as payment for narcotics shipments and precursor chemicals sourced from China. Mixing services and cross-chain bridges enable rapid layering, complicating asset tracing.
Human Smuggling Networks. Digital wallets facilitate ransom payments and coordination along smuggling routes, often leaving only blockchain footprints instead of traditional bank wires.
Fentanyl Supply Chains. Illicit marketplaces use cryptocurrency to settle transactions for fentanyl analogues, with darknet vendors rotating addresses to frustrate interdiction.
Sanctions Evasion by State Proxies. Some TCOs act as intermediaries for sanctioned states, exchanging bulk cash for crypto, or vice versa, to skirt OFAC restrictions.
Under the April 7 Memorandum, prosecutors will prioritize seizing the wallets, tokens, and keys directly controlled by cartel members or their money-laundering nodes, while generally declining to pursue exchanges or custodians absent willful misconduct.
5. Practical Takeaways for Industry
Self-Evaluate and Disclose. The DOJ has made clear the steps and substantial benefits for coming forward and reporting wrongdoing. A robust internal investigation, promptly followed by voluntary disclosure, may secure a declination even where wrongdoing occurred.
Multi-Layered Enforcement. State regulators such as the New York Department of Financial Services may step into any perceived federal void. Parallel investigations by foreign authorities—especially under Europe’s MiCA regime—remain a possibility.
Align Culture with Compliance. The DOJ’s message is unmistakable: companies that view compliance as a strategic asset, not a cost center, will fare far better than those that treat it as a check-the-box exercise.
Conclusion
The DOJ’s 2025 enforcement reset recalibrates prosecutorial resources toward the actors and conduct that have been identified by the current administration to inflict the greatest harm on investors, markets, and U.S. national security. Digital asset businesses, financial institutions, and multinational enterprises should seize this moment to reinforce compliance frameworks, upgrade investigative capabilities, and cultivate a culture that encourages prompt self-reporting to mitigate criminal exposure.
FCA’s Discretion Upheld in IRHP Redress Scheme Judicial Review
Timely insights into the design of mass consumer redress schemes
In R (All-Party Parliamentary Group on Fair Banking) v Financial Conduct Authority [2025] EWHC 525 (Admin), the High Court examined the FCA’s decision regarding the exclusion of certain customers from the scope of the voluntary Interest Rate Hedging Products (IRHP) redress scheme established in 2012, which was criticised in a subsequent independent review. The case contains important insights into the trade-offs involved in the design of such schemes, given the high likelihood that the FCA will soon be rolling out a redress scheme to deal with motor finance mis-selling.
Background
From 2010 onwards, large numbers of complaints began to be made about mis-selling of IRHPs alongside small and medium sized business loans. The IRHPs, which typically swapped floating for fixed interest rates, had become ruinously expensive for many bank customers after interest rates fell sharply during the 2008 financial crisis. Following supervisory intervention by the FSA (the predecessor of the FCA), a voluntary redress scheme was negotiated with various large banks in 2012. The scheme incorporated a “sophistication test”, which excluded customers that exceeded certain objective metrics or were otherwise sophisticated in the use of financial products from being eligible to receive compensation under the scheme for mis-sold financial products.
Subsequently the FCA committed to a review of its supervisory intervention on IRHPs by a leading King’s Counsel. That review concluded (among other things) that the FCA should not have excluded a subset of customers from the scheme via the sophistication test. The FCA disagreed with these findings and decided to take no further action to address that conclusion. The All-Party Parliamentary Group on Fair Banking challenged this exclusion by way of judicial review proceedings, arguing that the FCA’s decision was irrational and procedurally unfair due to a lack of proper consultation with stakeholders.
The FCA argued that it was on balance right (or at least not irrational) to agree the redress scheme incorporating the sophistication test for a number of reasons including that:
There was real urgency to provide prompt assistance to a large number of small businesses that were in distress and prone to going into insolvency as a result of payments required under their IRHPs.
In this context there were significant advantages to a voluntary scheme over use of the FSA’s mandatory s.404 redress powers, which would be slower and more complex to implement, and prone to protracted challenge from the banks involved.
There were reasons for concern that the evidential challenges to the FSA of bringing action to require redress could not be overcome, resulting in worse outcomes all round.
The scheme delivered fair outcomes for those within its scope and the FSA was entitled to prioritize those customers.
The incorporation of the sophistication test followed intensive and robust negotiation with the banks and necessarily involved the need to make trade-offs to achieve the best overall result possible. There was no reason to believe that a better outcome could have been negotiated voluntarily with the banks.
Ultimately the scheme led to c.£2.2 billion being paid in redress in respect of 20,206 IRHP sales, with costs to the banks of c.£920 million.
Court’s Findings
The High Court rejected the challenge to the manner in which the FCA had exercised its discretion not to seek to require further redress to be paid to sophisticated customers excluded from the voluntary scheme, holding that:
Rational Basis: The FCA had a rational basis for its decision. The bar for irrationality is a high one and it was not irrational for the FCA to disagree with the conclusions of the independent review on the basis of a reasoned consideration that it conducted. There was no presumption that a public body in the position of the FCA should follow the recommendations of the independent review absent a good, very good, or cogent reason.
No Duty to Consult: The FCA was not legally obliged to consult stakeholders before making its decision regarding the exclusion criteria.
Regulatory Discretion: The FCA’s actions were within the scope of its regulatory authority and aligned with its statutory purpose of consumer protection. The FCA is afforded a wide measure of discretion as to when and how it will intervene to address potential mis-selling, having regard to its statutory objectives, regulatory principles and regulatory priorities. It could not be said to have misunderstood or misapplied that discretion in acting as it did.
Implications
This judgment reinforces the principles that regulatory bodies like the FCA have broad discretion in designing and implementing redress schemes (whether voluntary or compulsory, especially when balancing regulatory priorities, and the need for timely action, against the complexities of individual cases. Its decisions in such circumstances will not be lightly overturned by the courts. The judgment also shines a light into the decision-making processes of the regulator and the trade-offs that are made when negotiating such schemes. Those insights are worth considering at a time when another mass consumer redress scheme in relation to motor finance mis-selling is highly likely in the coming months, the design of which will inevitably involve similar issues.
PROFILE: Stuart Alderoty: The Man Behind Crypto’s Biggest Court Victory
In July 2023, the Securities and Exchange Commission (SEC) looked poised to conquer the cryptocurrency space in the United States, closing in on a crucial judicial endorsement of its legal theory that digital assets themselves are investment contracts and offers and sales of cryptocurrencies are securities. Multi-billion-dollar enforcement actions based on this legal interpretation of the so-called Howey test had been filed by the Commission in federal courts against the biggest players in the industry — Coinbase, Kraken, Binance. Kraken had already settled one case with the SEC, and Coinbase and Binance were gearing up to fight theirs.
But Ripple had been on the front lines of this legal battle longer than anyone. In December 2020, the SEC sued the payments company and its two senior executives, arguing that several years of sales of the XRP digital token were unregistered securities. The Ripple case was the first full-scale attempt by the SEC to bring digital assets under its authority. A verdict was about to be issued by Judge Analisa Torres in the U.S. District Court for the Southern District of New York.
Stuart Alderoty, Ripple’s chief legal officer since 2019, knew that the stakes were high and would have far-reaching implications not just for Ripple, but the industry as a whole.
“The SEC provided no clear regulatory guidance before the lawsuit,” Alderoty told National Law Review. “The agencies were regulating by enforcement – meaning that legal expectations were clarified via cases brought by the agencies rather than establishing clear guidelines and rules.”
Alderoty’s strategy was to zero in on the heart of the SEC’s legal theory – the Howey test, a legal doctrine established in the 1946 Supreme Court decision in SEC v. W.J. Howey Co. (328 U.S. 293) that established the definition of a security under the 1933 Securities Act. Howey found that an investment contract exists if there is an “investment of money in a common enterprise with a reasonable expectation of profits to be derived from the efforts of others.”
Over three and a half contentious years fought out in Torres’ courtroom, the SEC went as far as arguing that since the XRP token itself was a security, all sales of XRP, including on public exchanges, were unregistered securities.
Alderoty always believed the SEC was wrong.
“We argued that XRP did not meet the requirements of a security under the Howey test, since XRP is not primarily intended for investment but for cross-border payments, which distinguishes it from traditional securities,” Alderoty said.
Alderoty’s defense strategy attracted an unusually large number of amici curiae briefs from crypto law experts and even industry rivals, expounding on his assault on the idea that a digital asset itself could be “the embodiment” of a security and, therefore, provide the SEC with an almost unlimited legal berth to regulate every sale, even on secondary markets.
It was a winning strategy, and the impact was celebrated across the crypto ecosystem. On July 13, 2023, Torres ruled that “XRP, as a digital token, is not in and of itself a ‘contract, transaction[,] or scheme’ that embodies the Howey requirements of an investment contract.”
“It was a watershed moment,” Alderoty said, “to find as a matter of law, a token – in this case, XRP – in and of itself, is not a security.”
Alex Drylewski, a columnist for Reuters Legal News, called it a “groundbreaking decision” which “demonstrates that the Howey test is ill-fitted to secondary market transactions between anonymous buyers and sellers” like those on crypto exchanges.
On the day of the decision, Alderoty posted on social media that it affirmed “so much of what this industry is fighting for, and shows that the SEC does not have unbounded jurisdiction over crypto.”
Alderoty started his career as a litigator and trial lawyer at a global law firm, then spent years on the executive leadership teams of some of the largest financial institutions. He was hired by Ripple in 2019 to lead legal, regulatory, and compliance efforts.
“For many years, Ripple had consistently tried to engage in a constructive way with the regulators and proactively requested clarity on the issues that were later raised in the SEC lawsuit against us,” he said. “The regulatory environment felt really hostile at that time.”
“We know what bad looks like, but we’re left to guess what good looks like. And that’s just not healthy,” Alderoty said just weeks before the Ripple lawsuit was filed. The SEC had first noticed cryptocurrencies in response to fraudulent initial coin offerings, he said, and had “not been able to get past that and recognize that this is a real technology that is transformational.”
One year into the job and days before Christmas, Alderoty was confronted with a $1.3 billion enforcement action targeting his company and CEO Brad Garlinghouse and Board Chairman Chris Larsen. The SEC was seeking injunctive relief, disgorgement with prejudgment interest, and civil penalties. It led to a long-running legal battle that Alderoty said cost the company over $150 million in legal expenses, but the fight was worth it, as it was the first sign of the regulatory winds shifting for the whole crypto space.
“Judge Torres’s ruling was a win for regulation by rulemaking, which is the approach the industry has been advocating for since before this case began,” he told National Law Review.
Ripple and Alderoty’s legal victory helped catalyze an industry inundated with attacks from regulators and lawmakers alike. Lacking clear rules of the road, the cryptocurrency industry turned its sights on the 2024 election cycle through the Fairshake PAC, raising over $250 million to support candidates “committed to securing the U.S. as the home to innovators building the next generation of the internet,” with Ripple as one of its largest donors.
“Our real motivation was to have our voice heard – we wanted to work with an administration that would be open to creating clarity through rulemaking, which encourages innovation and integrity in the market. The choice to donate to Fairshake was very impactful because we now have a very pro-innovation administration,” Alderoty said.
With a new Congress and administration more friendly to cryptocurrency – due in large part to Fairshake’s success – firms like Ripple are now looking to Congress for clarity.
Alderoty outlined his hopes of what this may look like: “What we think is required is called market structure legislation. Right now, there are some legacy systems that work for traditional finance that don’t really work with crypto because of the nature and structure of the technology.”
“Any legal framework for crypto would need to be something that one, protects consumers; two, protects market integrity; three, keeps bad actors out of the industry; and four, respects innovation,” he said.
The road to regulatory clarity seems to be in better view today, and Ripple’s own legal battle with the SEC is almost finished. At the end of March, Ripple CEO Brad Garlinghouse announced the company had reached a settlement with the Commission.
Outlining the terms, Alderoty said, “[the] SEC will retain $50 million of the previously imposed $125 million fine. The agency will also request that the court lift the standard injunction currently in place. I expect that the Commission will formally vote soon.”
After this string of victories, Alderoty hasn’t rested on his laurels. In March, he turned his attention to leading up the National Cryptocurrency Association (NCA), where he serves as President.
He explained the need for the NCA at such a critical time for the technology: “First, it’s important to understand what the NCA isn’t. The NCA isn’t a PAC, a lobbying group, or a trade group. It started a year ago to fight the negative narrative about crypto.”
“The NCA exists to amplify the voices of Americans who use crypto and provides a one-stop shop for learning about crypto products and services,” he said. “Our belief is that as trust in the industry grows, crypto use will become mainstream with utility for everyday Americans.”
When Stu Alderoty secured his victory in 2023, it was a watershed legal moment for crypto technology and a turning point that helped launch crypto’s political rise in 2024, and its mainstream acceptance in 2025. This moment transformed the legal landscape and marked a new era of legitimacy and influence for the crypto industry. The NCA marks a new chapter for Alderoty, though the book is far from finished.
All views and opinions expressed in this article are those of the author and not necessarily those of The National Law Review or the Association for Women in Cryptocurrency.