Federal Judge Orders Immediate Release of Federal Funding Amidst Continued Freeze on the Disbursement of Federal Funds
Responding to the petition of several state Attorneys General, U.S. District Judge John “Jack” McConnell Jr. issued an Enforcement Order on Monday, February 10, clarifying the scope of a Temporary Restraining Order (TRO) issued on January 29, and ordering the Trump Administration to the release federal funds to comply with the earlier order.
Federal grant programs that remained frozen after Judge McConnell’s TRO included a slew of funds from the Inflation Reduction Act (IRA) and the Infrastructure Investment and Jobs Act (IIJA), such as the Climate Pollution Reduction Grant, Solar for All, Drinking Water State Revolving Funds, and Home Electrification and Appliance Rebates Program. Programs in at least nine other agencies were also frozen. On Tuesday, a federal appeals court denied the Trump Administration’s request to stay the TRO.
How We Got Here
Within the first few hours of his presidency, President Trump signed a flurry of executive orders, directing federal agencies to freeze all obligations and disbursements and undertake funding reviews, including the Unleashing American Energy executive order, which specifically ordered a pause on fundings appropriated through the IRA. The Office of Management and Budget (OMB) quickly published a memo to heads of federal agencies ordering a pause on disbursement of funding under the IRA and IIJA, consistent with the Unleashing American Energy executive order.
A week later, the OMB published another memo ordering a temporary pause “all activities related to obligation or disbursement of all Federal financial assistance” consistent with the slew of executive orders and enforceable within 24 hours; however, before the OMB memo took effect, U.S. District Court Judge Loren AliKhan issued an administrative stay of the temporary funding freeze, and the OMB subsequently rescinded its memo. In the immediate aftermath, the White House reiterated that the executive orders remained in “full force and effect” and will be implemented by all federal agencies.
In a separate lawsuit brought by 22 states and the District of Columbia, Judge McConnell issued a TRO preventing the Trump Administration from freezing federal spending. He argued the TRO was necessary because even though the OMB memo had been rescinded, “The evidence shows that the alleged rescission of the OMB directive was in name only and may have been issued simply to defeat the jurisdiction of the courts…The substantive effect of the directive carries on.” As evidence, he pointed to the White House’s statements and an email from an Environmental Protection Agency (EPA) official that said, “until further notice, funds will not be available for this grant.” The EPA email explained that the agency was working to align with President Trump’s priorities and the will of the American people; thus, “the agency is temporarily pausing all activities related to the obligation or disbursement of EPA Federal financial assistance at this time.”
The Administration’s Response to the TRO
By instruction of the TRO, the Department of Justice circulated a Notice of Court Order to federal agencies that they are prohibited from pausing, freezing, impeding, blocking, canceling, or terminating “any awards or obligations on the basis of the OMB Memo, or on the basis of the President’s recently issued Executive Orders.” However, the DOJ instructions provided that agencies could exercise their own discretion to freeze funding.
Reporting suggests that at least some federal accounts, particularly related to the IRA and within the EPA, remained frozen in the last week. For example, Colorado’s governor and senators reported more than $570 million of obligated funds being withheld from private and public entities within the state. Additionally, there was reports of abnormal delays and in some instances funding was entirety inaccessible coming from agencies such as the EPA, Department of Energy (DOE), Department of Transportation, and Commerce Department, according to the Motion for Enforcement.
The Enforcement Order
Based on evidence that federal accounts were still frozen, on Monday, February 10, Judge McConnell issued an Enforcement Order, instructing the Administration to immediately restore frozen funding, end any federal pause, and stop any pause or freeze. The Enforcement Order specifically directs the Administration to release any withheld funds appropriated by the Inflation Reduction Act, which were frozen under the Unleashing American Energy executive order.
The TRO is set to expire on Feb. 21, 2025, at which point, the court will hold a hearing to consider imposing a preliminary injunction, which could be ordered when the TRO expires and may last until the judge enters a final judgment in the case.
Remaining Compliance Questions
Some legal experts are beginning to opine on what happens if the Administration ignores a court order based on recent notable statements about executive authority. Ahead of the Judge’s ruling, en route to the Super Bowl, President Trump weighed in on another judicial decision in relation to DOGE’s activities, calling the ruling “a disgrace” and told reporters, “No judge should, frankly, be allowed to make that kind of a decision.”
Likewise, over the weekend, Vice President J.D. Vance said on social media “judges aren’t allowed to control the executive’s legitimate power.” “If a judge tried to tell a general how to conduct a military operation, that would be illegal,” Vance posted on X. “If a judge tried to command the attorney general in how to use her discretion as a prosecutor, that’s also illegal. Judges aren’t allowed to control the executive’s legitimate power.”
Conclusion
For the purposes of federal funding freezes, the Trump Administration has been ordered to release the grant funds until at least through Feb. 21, or be in violation of the Enforcement Order. In remains to be seen what the ultimate outcome will be.
If your organization is not able to access obligated funds, it may be time to evaluate both political and legal options.
To assess legal options, first look to the four corners of the agreement to understand available options. Administrative remedies remain available, either as directed by the agreement or other legal provisions. Lastly, consider a court challenge, weighed against political considerations and business realities. Finally, we strongly recommend engaging with your elected representatives to keep them abreast of the situation and to cultivate champions.
NYDFS Fines PayPal $2 Million for Cybersecurity Failures
On January 23, 2025, the New York Department of Financial Services (“NYDFS”) announced a $2 million civil fine against PayPal, Inc. (“PayPal”) for alleged cybersecurity failures that resulted in the unauthorized exposure of customers’ personal information.
According to the consent order, in December 2022, a PayPal security analyst identified an online post describing a security gap that allowed unauthorized parties to access Forms 1099-K available on PayPal’s online platform. The forms contained PayPal customers’ unredacted personal information, including names, dates of birth and full Social Security numbers. One day after the analyst identified the issue, PayPal’s cybersecurity team noticed activity indicative of threat actors using credential stuffing to gain access to the personal information contained in the forms.
According to NYDFS, the data became exposed when PayPal changed its data flows to make the forms available to more customers. NYDFS alleged that PayPal failed to adequately train the engineering team implementing this change to implement the company’s policies and procedures designed to protect personal information with respect to the updated data flows. NYDFS also alleged that PayPal’s failure to mandate multi-factor authentication for customer accounts contributed to the unauthorized parties’ ability to access the forms.
NYDFS charged PayPal with violations of the NYDFS Cybersecurity Regulation, including the failure to provide sufficient cybersecurity training to personnel and to maintain adequate cybersecurity policies designed to protect nonpublic information, resulting in a $2 million fine against the company. The consent order notes that PayPal had cooperated with NYDFS’s investigation and implemented several corrective measures, including mandating multi-factor authentication and conducting enhanced training programs for its cybersecurity personnel and engineers.
AML/BSA Audits: Answers to Frequently Asked Questions (FAQs)
Conducting periodic audits is essential for effectively managing anti-money laundering and Bank Secrecy Act (AML/BSA) compliance. Auditing AML/BSA compliance allows financial institutions, including foreign banks, to assess the efficacy of their compliance programs—and to make updates to their compliance programs when necessary.
By conducting AML/BSA audits, financial institutions can also demonstrate the efficacy of their compliance programs to the Federal Financial Institutions Examination Council (FFIEC) when necessary. FFIEC examinations can present substantial risks, so it is imperative for financial institutions to ensure that they are as prepared as possible.
“Financial institutions need to prioritize effective AML/BSA compliance management. A key step toward effectively managing compliance is to gain a clear understanding of the efficacy of a financial institution’s compliance program. Not only are financial institutions federally required to conduct periodic AML/BSA audits, but periodic auditing also provides critical insight into whether a financial institution’s compliance policies, procedures, and protocols are functioning as intended.” – Dr. Nick Oberheiden, Founding Attorney of Oberheiden P.C.
With this in mind, what do financial institution executives and directors need to know about conducting AML/BSA audits? Here are the answers to some important FAQs:
Are Financial Institutions Required to Conduct AML/BSA Audits?
Federal regulations require financial institutions to conduct audits (or “independent testing”) as part of their efforts to ensure anti-money laundering and Bank Secrecy Act (AML/BSA) compliance. However, this is as far as the regulations go. As a result, as the FFIEC makes clear, a financial institution’s auditing program, “should be commensurate with the [money laundering/terrorist financing (ML/TF)] and other illicit financial activity risk profile of the bank and the bank’s overall risk management strategy.”
In other words, while AML/BSA auditing and risk assessment is mandatory, the federal regulations leave it up to financial institutions to determine what specific auditing measures are necessary. An informed and custom-tailored approach is critical, and financial institutions should work with their outside counsel to develop an auditing strategy that allows them to manage AML/BSA compliance with confidence.
How Often Are Financial Institutions Required to Conduct AML/BSA Audits?
Just as the federal regulations do not establish substantive requirements for AML/BSA audits, they also do not establish a mandatory frequency. With that said, the FFIEC advises that financial institutions, “may conduct independent testing over periodic intervals (for example, every 12-18 months) and/or when there are significant changes in the bank’s risk profile, systems, compliance staff, or processes.”
As a general rule, financial institutions will want to conduct regularly scheduled audits as a matter of course so that they can maintain a clear understanding of the health of their AML/BSA compliance programs on an ongoing basis—and, for most, this will involve adopting an annual schedule. However, financial institutions must also make informed decisions about when additional mid-cycle audits are necessary.
Can (and Should) Financial Institutions Use Internal Personnel to Audit AML/BSA Compliance?
The FFIEC advises that financial institutions which, “do not employ outside auditors or consultants or do not have internal audit departments may . . . us[e] qualified bank staff who are not involved in the function being tested.” However, while it is permissible to use internal personnel in appropriate cases, financial institution leaders must make an informed and strategic decision about whether this is truly the best approach. If a financial institution does not have internal personnel who devote time to remaining up-to-date on AML/BSA compliance (and who also are not directly involved in the institution’s AML/BSA compliance efforts), then engaging outside counsel will be necessary.
How Can Financial Institutions Document the “Independence” of their AML/BSA Auditors?
Independence is critical when conducting an AML/BSA audit. In fact, rather than stating that financial institutions must conduct internal audits, the federal anti-money laundering regulations state that financial institutions must conduct “independent testing.” Further elaborating on what we just discussed, the FFIEC advises that the internal auditor involved in conducting an AML/BSA audit should, “not [be] involved with the function being tested or other BSA-related functions at the bank that may present a conflict of interest or lack of independence.”
When engaging outside counsel to conduct an AML/BSA audit, the act of engaging outside counsel itself will generally be enough to satisfy any potential concerns about independence (though the scope of outside counsel’s engagement should still be clearly defined). When using internal personnel, additional steps will be necessary to demonstrate that these personnel have subject matter expertise, are unbiased and do not have a personal interest in the outcome of the audit process.
How Can Financial Institutions Document Their Compliance with the AML/BSA “Independent Testing” Requirement?
Documenting compliance with the AML/BSA “independent testing” requirement involves thoroughly documenting the entire audit process as well as its findings and any subsequent remedial action. Another benefit of engaging outside counsel is that it allows this documentation to be protected under the attorney-client privilege. In any case, comprehensiveness is key, as any gaps in a financial institution’s audit documentation will raise questions about why those gaps exist. If there isn’t a clear answer, FFIEC examiners will have little choice but to err on the side of assuming noncompliance.
What Compliance-Related Concerns Should an AML/BSA Audit Examine?
AML/BSA audits must be both comprehensive and custom-tailored. In the words of the FFIEC, “Independent testing of specific BSA requirements should be risk-based and evaluate the quality of risk management related to ML/TF and other illicit financial activity risks for significant banking operations across the organization. . . . Risk-based independent testing programs vary depending on the bank’s size or complexity, organizational structure, scope of activities, risk profile, quality of control functions, geographic diversity, and use of technology.
In brief, AML/BSA audits should focus on a financial institution’s specific risks—and they should examine these risks from all relevant perspectives. The types of issues that will typically need to be addressed during the AML/BSA auditing process and transaction testing include:
Monitoring systems for potentially suspicious activity, including filtering criteria and alerts
Processes for generating, reviewing, filing, and submitting Suspicious Activity Reports (SARs)
Processes for generating, reviewing, and filing Currency Transaction Reports (CTRs)
“Know your customer” compliance, including customer identification program (CIP), customer due diligence (CDD) policies and procedures
Adherence to other anti-money laundering recordkeeping requirements
Again, these are just broad examples. When preparing to conduct an AML/BSA audit, determining not only the scope of the audit, but also how the audit will be conducted, is essential. Following a systematic approach that is focused on a financial institution’s specific compliance obligations and risks is the only practical way to effectively assess compliance consistently on an ongoing basis.
What Should Financial Institutions Do if They Discover Compliance Failures During an AML/BSA Audit?
This is not an uncommon scenario. When financial institutions uncover compliance failures during an AML/BSA audit, the key is to address these failures as efficiently as possible. The specific remedial measures that are necessary will depend on the specific circumstances involved—and this, too, requires informed decision-making. Crucially, during the financial institution’s next AML/BSA audit, assessing the efficacy of these remedial measures should be a top priority.
What Types of Issues Are Likely to Trigger Scrutiny from the FFIEC?
Issues in any of the areas listed above have the potential to trigger scrutiny from the FFIEC. However, this list is far from exclusive. The FFIEC’s examiners exhaustively assess not only the efficacy of financial institutions’ compliance programs, but also the efficacy (and independence) of their auditing processes and procedures.
How Can Financial Institutions Mitigate Their Risk of Facing FFIEC Scrutiny?
In light of everything we have discussed thus far, financial institutions can mitigate their risk of facing FFIEC scrutiny by taking a comprehensive and proactive approach to both managing and monitoring AML/BSA compliance. If financial institutions have documentation on-hand that clearly demonstrates good-faith efforts to comply with all pertinent laws and regulations, they are both far less likely to face intensive FFIEC scrutiny and far less likely to face serious consequences in the event of an FFIEC examination.
What Should You Do if the FFIEC Opens an Examination of Your Financial Institution’s AML/BSA Compliance Efforts?
Of course, even if a financial institution is fully federally compliant, this won’t necessarily stop the FFIEC from scrutinizing its AML/BSA compliance program. If the FFIEC opens an examination of your financial institution’s AML/BSA compliance efforts, you will want to engage your institution’s outside counsel promptly.
What Are the Risks of Failing to Effectively Manage AML/BSA Compliance for Financial Institutions?
If FFIEC examiners identify flaws or oversights in a financial institution’s AML/BSA compliance program or its auditing procedures, the consequences can be significant. The Bank Secrecy Act imposes substantial penalties for violations. These include not only regulatory and civil penalties, but even criminal penalties in some cases.
Do Financial Institutions Need to Engage Outside Counsel to Conduct Their AML/BSA Audits?
With all of this in mind, do financial institutions need to engage outside counsel to conduct their AML/BSA audits? While the federal anti-money laundering regulations do not strictly require financial institutions to engage outside counsel to conduct their independent testing, doing so is strongly recommended for all of the various reasons discussed above. Working with experienced outside counsel allows financial institutions to both confidently manage AML/BSA compliance on an ongoing basis and confidently interface with the FFIEC when necessary.
CLOs and Material Nonpublic Information: Key Takeaways from the SEC’s Settlement with Sound Point
In this alert, we present the key lessons to be learned from the U.S. Securities and Exchange Commission’s (the SEC) settlement with Sound Point Capital Management, LP (Sound Point), and discuss whether a similar enforcement action would be possible under the EU and UK market abuse regimes. Fund managers trading in collateralized loan obligations (CLOs) should take note of the SEC’s decision, review their material nonpublic information (MNPI) policies, and closely monitor the SEC’s increased focus on transparency in private credit markets.
Settlement
On August 26, 2024, the SEC announced settled charges against a New York-based investment adviser, Sound Point, for failing to establish, maintain, and enforce written policies and procedures reasonably designed to prevent the misuse of MNPI concerning its trading in CLOs. The settlement follows a similar enforcement action brought by the SEC against another investment adviser in 2020.
CLOs and Sound Point
CLOs are securities that typically consist of a series of bonds collateralized by a pool of corporate loans, loan participations, or credit default swaps tied to corporate liabilities. The bonds differ in terms of subordination or, in other words, the priority for receiving cash flow distributions from the underlying loans. The most junior tranche (also called the equity tranche) is subordinate to the remaining tranches and, as a result, is the first to absorb losses if any of the loans default.
Sound Point is an SEC-registered investment adviser that manages its own CLOs and CLOs issued by third parties. In addition, Sound Point often participates in ad hoc lender groups or creditors’ committees, where it explores potential debt restructuring opportunities with companies on the edge of bankruptcy filings or restructuring.
Sound Point and MNPI about Company A
According to the SEC, in June 2019, as a member of such an ad hoc group of lenders, Sound Point became aware of the likely need for rescue financing of a media services company (Company A) – information which constituted MNPI about that company. Given that Sound Point owned and managed CLOs collateralized by loans issued to Company A, it began to explore the possibility of reducing its exposure to such CLOs. Sound Point decided to sell portions of its equity tranches several weeks later, and its compliance department approved the sale despite being aware of MNPI about Company A.
When MNPI concerning Company A became public the day following the sale, the prices of loans issued to Company A immediately dropped by more than 50%, with the value of the tranches sold by Sound Point declining by approximately 11%, or $685,000.
SEC’s Charges
Although Sound Point had in place a general MNPI policy, it did not require Sound Point’s compliance personnel to consider the impact of MNPI relating to a corporate borrower on the value of a CLO tranche containing a loan to that borrower, when evaluating a proposed sale of that tranche.
In the SEC’s view, this gap constituted a violation of Sections 204A and 206(4) of the Investment Advisers Act of 1940 (the Advisers Act) and Rule 206(4)-7 promulgated thereunder, which require investment advisers to, among other things, “establish, maintain, and enforce written policies and procedures reasonably designed, taking into consideration the nature of such investment adviser’s business, to prevent […] the misuse of material, nonpublic information” and have “policies and procedures reasonably designed to prevent” violations of the Advisers Act.
After accounting for the subsequent reviews and investigations conducted by Sound Point, as well as the implementation of the revised MNPI policies in 2022 and 2024, the SEC accepted Sound Point’s offer to settle for $1.8 million in a civil penalty. (Sound Point neither admitted nor denied the SEC’s findings.) The SEC did not, however, charge Sound Point with violating SEC Rule 10b-5 relating to trading in securities based on MNPI.
Lessons for Fund Managers
The Sound Point enforcement action demonstrates the SEC’s increased focus on the activities of fund managers in the context of insider trading and the specificity of written policies and procedures.
The Sound Point enforcement action is not the first action brought by the SEC against a fund manager in relation to MNPI. In 2020, the SEC settled charges with another private equity adviser for the lack of sufficient policies and procedures to prevent the misuse of MNPI obtained through employees who had been appointed to the boards of portfolio companies. Although the firm had a general MNPI policy, the SEC concluded that the policy was not specific enough to account for the types of MNPI obtained in the context of the firm’s unique business lines.
Both settlements clearly signal the need for fund managers to review their MNPI policies and update them accordingly. When managers deal with complex derivative products, they should consider whether their policies accurately reflect the MNPI risks related to these products, including loans behind them. Generally restricting trades on the basis of MNPI may not be sufficient, and fund managers should holistically address exposure of their business operations to MNPI, and actively maintain and enforce their policies.
BROADER CONTEXT
Could a similar action be brought on the other side of the Atlantic? The European MNPI regime is based on EU Regulation 596/2014 on market abuse (MAR) that applies directly in every EU Member State. The UK decided to retain the provisions of MAR following Brexit with very limited amendments.
Competent authorities of the EU Member States and, in the UK, the Financial Conduct Authority (the FCA) have broad powers to investigate infringements of MAR, including infringements of its Article 16(2), which requires any person professionally arranging or executing transactions to “establish and maintain effective arrangements, systems and procedures to detect and report suspicious orders and transactions” involving insider dealing and market manipulation.
To date, the FCA has published three enforcement actions for violations of this provision (see here, here, and here). The last enforcement, published in August 2022, imposed a financial penalty of £12,533,800 on an international broker-dealer, part of one of the world’s largest banks, for failures in control systems resulting in a number of erroneous orders being executed across various European exchanges.
However, unlike the SEC, the FCA has not published the results of any investigation into MAR policies of fund managers operating in the UK, nor has it announced any specific focus on this type of enforcement action.
Australia: ASIC Prepares Guidance Following the Release of BNPL Regulations
On 5 February 2025, the Australian Government (via the Department of Treasury) released an exposure draft on the National Consumer Credit Protection Amendment (Low Cost Credit) Regulations 2025 (draft Regulations). The draft Regulations follow the recent introduction of the Treasury Laws Amendment (Responsible Buy Now Pay Later and other Measures) Act 2024, which will see Buy Now Pay Later providers regulated as ‘low cost credit contract’ (LCCC) providers under the National Consumer Credit Protection Act 2020 (National Credit Act) from 10 June 2025.
Shortly afterwards on 7 February 2025, ASIC released a consultation paper (CP 382) seeking feedback on a draft Regulatory Guide (Draft RG). The Draft RG aims to support LCCC providers in understanding key obligations under the National Credit Act and accompanying draft Regulations.
As set out in the draft Regulations, LCCC providers will soon be obliged to:
1. Prepare Unsuitability Assessment Policies
LCCC providers will have to prepare and follow an ‘unsuitability assessment policy’ to assess the suitability of credit contracts and credit limit increases for each consumer.
To this end, LCCC providers will be required make reasonable inquiries and verification as to the objectives and financial situation of a consumer (including income, expenses and credit history) within an extended period of 120 days prior to contracting.
2. Adhere to ‘Fee Period Caps’
LCCCs will be subject to ‘fee caps’ on the amount chargeable to consumers over a 12-month period for a credit contract to be considered a LCCC. A cap of $200 in the first year is proposed, excluding default fees (which are also proposed to be capped).
These caps will apply in aggregate across all LCCCs between a credit provider and each debtor, to protect consumers from high fees or charges.
3. Elect to Comply with Modified Responsible Lending Obligations
The draft Regulations impose modified responsible lending obligations, tailored to the lower risk posed by smaller loans. Lenders will still need to make reasonable inquiries and take reasonable steps to verify the borrower’s situation, though the scope of what is required is reduced. The regulations contain a list of mandatory information which needs to be collected for each LCCC, as well as additional information required only for LCCCs above $2,000. The modified obligations also include a rebuttable presumption that LCCCs with a credit limit of $2,000 or less will be ‘not unsuitable’ to meet the consumer’s requirements and objectives, negating the need for an unsuitability assessment by the credit provider.
Draft RG clarifies that LCCC providers may either elect to comply with these modified obligations, or otherwise be subject to the standard responsible lending obligations as will still apply to all other non-LCCC credit contracts.
Treasury invites feedback on the draft Regulations until 12 February. ASIC invites feedback on Consultation Paper 382 to [email protected] by 7 March 2025. It is anticipated that the final Regulatory Guide will be released in the second quarter of 2025.
Madison Jeffreys and Mackenzie Brown also contributed to this article.
New Direct Mail Laws: California, Here We Come
With the all the preparation around 1:1 consent, a lot of marketers planned on moving away from telephone solicitations to direct mail assuming it was a safer choice with less restrictions.
And, generally, it is.
Except in California.
Ah, California with your beaches and your perfect weather and your strong consumer protection laws. As of January 1, 2025, there is a new restriction on “solicitations” for “consumer financial product or service” made by physical mail in California.
Per the new rule, which stemmed from State Bill 1096, physical mail solicitations must include “in at least 16-point bold type on the front of an envelope” the following language:
“THIS IS AN ADVERTISEMENT. YOU ARE NOT REQUIRED TO MAKE ANY PAYMENT OR TAKE ANY OTHER ACTION IN RESPONSE TO THIS OFFER.”
OOF, Buzz.
What is a “consumer financial product or service”? What is a “solicitation”?
A consumer financial product or service uses the California Financial Code definition of “consumer financial product or services” which broadly defines it, in pertinent part, as: “A financial product or service that is delivered, offered, or provided for use by consumers primarily for personal, family, or household purposes.”
Therefore, this is a pretty expansive definition.
A solicitation is “any advertisement or marketing communication through writing or graphics that is directed to, or likely to give the impression of being directed to, an individually identified person, residence, or business location.”
But, it does not include mass advertisements such as catalogs, websites, or broadcast messages. It also does not include “communication via…mail..that was initiated by a consumer.” Or credit solicitations that fit the disclosure requirements under the Fair Credit Reporting Act for credit solicitations using a consumer’s credit file.
Those are pretty broad exceptions.
Essentially, completely unsolicited blind mailings are covered by this new rule if they are for a “consumer financial product or service”. For instance, if you wanted to send a mailing to everyone in a certain zip code about mortgages, then that would likely be covered.
While direct mail can be “easier” to comply with for consumer outreach, there are pitfalls. Companies that are new to direct mail should not ignore the compliance responsibilities around direct mail.
Final Regulations Issued on Allocation of Partnership Liabilities Under Section 752
Introduction
On December 2, 2024, the U.S. Department of the Treasury (“Treasury”) and the Internal Revenue Service (the “IRS”) published final regulations (the “Final Regulations”) on section 752[1] regarding the allocation of partnership recourse liabilities in situations in which multiple partners and related parties bear part or all of the economic risk of loss (“EROL”) for partnership liabilities.[2] The Final Regulations largely adopt the proposed regulations (the “Proposed Regulations”) published on December 16, 2013 and, as such, should not result in substantial changes to the application of the rules under section 752.[3] In particular, these rules generally do not limit the ability of partners and related parties to use contractual arrangements, including guarantees, to specify the manner in which debt will be allocated among the partners.[4]
Background
Very generally, section 752 governs the allocation of liabilities and income or loss arising from debt among partners in a partnership and specifies how these liabilities affect a partner’s tax basis in its partnership interest.[5] Section 752 has been interpreted in the Treasury Regulations as intending to maintain the proper alignment between a partner’s basis and its share of a partnership’s debts based on the partner’s economic risk of loss with respect to the partnership, an approach which Congress has broadly endorsed.
The rules for determining a partner’s share of a partnership’s liabilities depend on whether the debt is recourse or nonrecourse. For a liability to be considered recourse, a partner or a related person must bear the EROL in respect to that liability – roughly speaking, a liability is nonrecourse to the extent that no partner or related person bears the EROL with respect to the liability. The Final Regulations address only the allocation of a partnership’s recourse liabilities.
A partner generally bears the EROL for a partnership liability to the extent that, in a constructive liquidation of the partnership where all of its assets (including cash) become worthless and all of its liabilities become due and payable, the partner or a related person would have a payment obligation to any person (or a capital contribution obligation to the partnership) with respect to the liability. Additionally, a partner generally bears the EROL for a partnership liability to the extent that the partner or a related person (i) is a lender of a nonrecourse loan for which no other partner bears the EROL; (ii) guarantees interest payments on a partnership nonrecourse liability (but only with respect to liability for such guaranteed interest); or (iii) pledges property as security for the partnership liability. The basic rule under section 752 is that a partner is allocated a share of a partnership liability to the extent that it bears the EROL with respect to that liability. The Final Regulations provide details on various, more complicated fact patterns that frequently arise in interpreting the EROL principle of allocating partner recourse debt for purposes of section 752.
The Final Regulations
As discussed in further detail below, the Final Regulations provide guidance on the (i) allocation of liabilities where there is overlapping EROL, (ii) application of section 752 in situations involving tiered partnerships, and (iii) allocation of liabilities among related parties. The Final Regulations additionally modify the section 704 regulations to provide clarity in rules for allocating nonrecourse deductions in tiered partnerships.
I. Overlapping EROL
The Final Regulations include a proportionality rule for determining each partner’s share of a partnership liability in situations in which multiple partners bear the EROL with respect to the same liability (“overlapping EROL”).
When the proportionality rule is triggered, each partner’s EROL for a partnership liability (or portion thereof) is determined by multiplying the total amount of the partnership liability (or portion thereof) by the following fraction: (i) the amount of EROL borne by the partner (i.e., the numerator); divided by (ii) the aggregate the EROL borne by all partners (i.e., the denominator). This rule prevents double counting of EROL with respect to the same liability.
For example, assume that A and B are 50:50 partners in partnership AB, which has borrowed $100 from a bank. A has guaranteed repayment of $100, and B has guaranteed repayment of $50 (if any amount of the loan is not repaid). The partnership liability is $100, or the amount of the loan.[6] The sum of the EROL borne by all partners with respect to this liability (as determined prior to application of the overlapping EROL rules) is $150. Thus, the amount of EROL borne by each of A and B is calculated as follows.
With respect to A: $100 (the total partnership liability) multiplied by the quotient of $100/$150 (the amount of EROL borne by A individually over the aggregate EROL borne by both A and B) for an EROL of $66.67 for A.
With respect to B: $100 (the total partnership liability) multiplied by the quotient of $50/$150 (the amount of EROL borne by B individually over the aggregate EROL borne by both A and B) for an EROL of $33.33 for B.
II. Tiered Partnerships
Under the Final Regulations, with respect to a partnership (the “upper-tier partnership” or “UTP”) that owns an interest in another partnership (the “lower-tier partnership” or “LTP”), the liabilities of the LTP are allocated to the UTP in a total amount equal to (without duplication) (i) the EROL directly borne by the UTP with respect to such liabilities, plus (ii) the EROL for such liabilities borne by any partner of the UTP, but only if the partner is not also a partner in the LTP. The Final Regulations also clarify that if an LTP liability is treated as a UTP liability under Treas. Reg. Sec. 1.752-4(a), the UTP is considered to bear the EROL for that liability, and therefore, partner nonrecourse deductions attributable to the LTP’s liability must be allocated to the UTP under Treas. Reg. Sec. 1.704-2(i). If a partner of the UTP is also a partner of the LTP, such partner bears the EROL with respect to a LTP liability directly, then prior to determining the amount of LTP liabilities that are allocated to the UTP, the LTP must first determine the allocation of the LTP liability to the direct partner, applying the proportionality rule discussed above as necessary.
An example adapted from the Final Regulations that illustrates the application of the proportionality rule in the case of a tiered partnership is below.
A and B (which is unrelated to A) contribute $810 and $90 to UTP, a limited liability company treated as a partnership for U.S. federal income tax purposes, in exchange for a 90% and 10% respective interest in UTP. UTP contributes the $900 to LTP, a partnership for Federal tax purposes, in exchange for a 90% interest in LTP and A contributes $100 directly to LTP in exchange for a 10% interest in LTP. UTP and LTP both reported losses in their initial years that reduced the basis of each partner in UTP and LTP to zero. LTP borrows $100 UTP and LTP both had no income in the year at issue. A and B both provide their personal guaranty for the entire amount of the LTP’s liability.
A’s share of the LTP liability is calculated by determining A’s EROL and then applying the proportionality rule. A and B each have an EROL of $100 with respect to the LTP liability as a result of their personal guarantees. Applying the proportionality rule, A’s share of the LTP liability is $50, or the product of $100 (the total amount of the LTP liability) by $100 (A’s EROL) over $200 (the aggregate EROL borne by A and B). B’s share of the LTP liability is similarly $50.
The LTP allocates $50 of liabilities to A for A’s direct interest in the LTP liability. LTP allocates $50 of liabilities for which B bears the EROL to UTP under the tiered partnership rules. The UTP treats its $50 share of the LTP liability as a liability of UTP. Because the $50 liability allocated to UTP only includes amounts for which B alone bears the EROL, UTP allocates all $50 to B and none to A.[7]
III. Related Party Rules
A partner is generally treated as bearing the EROL with respect to a partnership liability to the extent a person related to the partner directly bears the EROL.[8] The preamble to the Final Regulations include a “related partner exception,” which provides that “if a person who owns (directly or indirectly through one or more partnerships) an interest in a partnership is a lender or has a payment obligation with respect to a partnership liability, or portion thereof, then other persons owning interests directly or indirectly (through one or more partnerships) in that partnership would not be treated as related to that person for purposes of determining the EROL borne by each of them for the partnership liability, or portion thereof.”
For example, assume AB partnership is owned 60/40 by A and B. A and B are related persons for purposes of the section 752 regulations. A personally guarantees a $100 loan made to AB. Under the related party exception, because A directly bears the EROL for the loan as a result of its guaranty, B and A are not treated as a related persons for purposes of determining B’s EROL with respect to the loan. Because A is bears the EROL for the entire $100 liability and B does not bear any EROL, the $100 liability is allocated solely to A.
In addition, the Final Regulations include a special rule for an instance of overlapping EROL where a person (other than a direct or indirect partner of the partnership) that directly bears the EROL for a partnership liability is considered related to multiple partners of the partnership.[9] Under this rule, those partners related to the person directly bearing the EROL for the partnership liability share the liability in proportion to each related partner’s interest in the partnership.
For example, assume that A owns all of the stock of a corporation X, which in turn owns all of the stock of corporation Y. A and X are 70:30 partners in AX, a partnership for U.S. federal income tax purposes, which borrows $100. Y has guaranteed repayment of the $100 loan. Applying constructive ownership rules, Y is related to both A and X. Under the Proposed Regulations, because A and X are both related to the person directly bearing the EROL, the $100 liability would be allocated equally between A and B. In contrast, under the Final Regulations A and X share the liability in proportion to their interests in AX profits, with $70 allocated to A and $30 allocated to X.
Finally, the Final Regulations provide an ordering rule for the related party rules and proportionality rules. Under this ordering rule, the related partner exception applies first, followed by the rule for allocating liabilities where multiple partners are related to a non-partner directly bearing the EROL for a partnership liability, and then finally the proportionality rule.
Implications & Effective Date
As the Final Regulations largely adopt the Proposed Regulations, for many taxpayers, the Final Regulations will not result in substantial changes to the application of the section 752 rules that have existed in proposed form since 2013. Still, the Final Regulations helpfully clarify ambiguities in the Proposed Regulations, which results in greater certainty for taxpayers.
The Final Regulations are generally effective for all partnership liabilities incurred or assumed on or after December 2, 2024. However, the Final Regulations do not apply to any liabilities incurred or assumed by a partnership pursuant to a written binding contract in effect prior to December 2, 2024. Further, partnerships may elect to apply the Final Regulations to all liabilities with respect to returns filed on or after December 2, 2024 (including preexisting partnership liabilities), as long as the partnership applies the rules consistently and in their entirety to all its liabilities. In addition, the Final Regulations treat certain refinanced debt of a partnership that is modified or refinanced on or after December 2, 2024 as incurred or assumed by the partnership prior to December 2, 2024 to the extent of the amount and duration of the pre-modified debt; accordingly, the Final Regulations do not apply to such refinanced debt (absent the election described above).
Partnerships may wish to consult with their tax advisors regarding the desirability of an election to apply the Final Regulations to all liabilities with respect to returns that will be filed on or after December 2, 2024.
[1] All references to “section” are to the Internal Revenue Code of 1986, as amended, or to the Treasury Regulations promulgated thereunder.
[2] T.D. 10014.
[3] REG-136984-12.
[4] Such allocations must correspond to economic reality and in particular the allocation of debt must generally be to creditworthy partners.
[5] More specifically, section 752(a) treats an increase in a partner’s share of partnership liabilities (or an increase in a partner’s individual liabilities through its assumption of the partnership’s liabilities) as if the partner contributed money to the partnership (thus, increasing the partner’s tax basis in its partnership interest). Section 752(b) treats a decrease in a partner’s share of partnership liabilities (or a decrease in a partner’s individual liabilities through the partnership’s assumption of the partner’s liabilities) as if the partnership distributed money to the partnership (thus, decreasing the partner’s tax basis in its partnership interest).
[6] This example further assumes that no applicable state or local law or contract provides for reimbursement from the other party or otherwise differently allocates responsibility for the liability as between A and B.
[7] This assumes that no state or local law or contract specifies otherwise.
[8] Parties are considered related when one party has a significant level of ownership or control over another party. To determine relatedness for these purposes, the constructive ownership rules under sections 267 and 707 apply. The Proposed Regulations and Final Regulations apply the constructive ownership rules of sections 267 and 707, except that “80 percent or more” is substituted for “more than 50 percent” in each section; a person’s family is determined by excluding brothers and sisters; and sections 267(e)(1) and 267(f)(1)(A) are disregarded. Under the Proposed Regulations, these rules applied with certain modifications but still resulted in a partner being treated as bearing the EROL with respect to a partnership liability, even when that partner’s risk was limited to its equity investment in the partnership. The Final Regulations adopt two additional modifications to the constructive ownership rules: disregarding section 267(c)(1) (upward attribution through entities) with respect to the determination of whether a UTP’s interest in an LTP is owned proportionally by the UTP’s partners; and disregarding section 1563(e)(2) when determining whether a corporate partner in a partnership and a corporation owned by the partnership are members of the same controlled group.
[9] This rule is a deviation from the Proposed Regulations in response to comments expressing concern that the multiple partners rule may result in related partners recognizing uneconomic gain.
Rita N. Halabi & Mary McNicholas also contributed to this article.
Prospects for Latin American Finance Under a Second Trump Administration
Latin American economies are uniquely positioned due to their geographical proximity to the United States, extensive economic integration, significant immigration patterns and potential for growth. The U.S. serves as the dominant market for exports from the region, while millions of Latin American migrants contribute substantial remittance flows to their countries of origin. As the region prepares for potential changes under a second Trump administration, there could be profound implications for Latin American economies, regional trade, and financing available from international sources.
One of the primary concerns surrounding Donald Trump’s return to the White House is the resurgence of high tariffs that characterized his previous administration. These tariffs, often imposed on key trading partners, could disrupt Latin American economies by increasing the cost of exporting goods to the U.S. But beyond that, the new administration has begun to make significant changes that will have considerable effects on the financial markets and the access to capital in Latin America.
Banking Markets
Under President Trump, the expected revival of U.S. banking sector deregulation might have ripple effects on Latin American banks. If the Trump administration continues to emphasize its expansionist view and priorities, Latin American banks could see increased competition, especially from U.S. institutions looking to expand their footprint in the region. This could lead to more favorable lending conditions for Latin American borrowers, provided they meet stringent compliance and creditworthiness standards that may be utilized by U.S.-based banks.
U.S. banks could see renewed interest in Latin America as they seek to diversify their portfolios and tap into emerging markets. The potential for infrastructure projects, especially in countries like Brazil and Mexico, should attract U.S. bank financing. This scenario could also lead to increased lending activity, particularly for sectors such as energy, agriculture and technology. The ability to navigate regulatory challenges and foster relationships with U.S. banks could unlock new avenues for financing.
Additionally, international credit providers might be more inclined to engage in syndicated loans with Latin American banks, particularly those demonstrating resilience in their financial metrics. This may well result in a more robust banking market and tighter spreads available to Latin American borrowers.
Bond Markets
The second Trump presidency could have both negative and positive implications for Latin American issuers in the bond markets. On one hand, a strong dollar policy may deter Latin American issuers from accessing international markets as it would be more expensive for Latin American countries to issue bonds in U.S. dollars. In addition, the levels of uncertainty that in many ways characterized the first as well as the current Trump administration could have a chilling effect on the financial markets, where stability typically favors more robust issuance levels. However, if the Trump administration pursues policies that favor economic growth, commodity prices could increase, thereby enhancing the scenario for commodity-dependent Latin American nations. This could also lead to a resurgence in demand for sovereign bonds, especially from more frequent issuers such as Mexico and Brazil.
The bond markets may experience a surge in issuance from Latin American sovereigns and corporates looking for capital from international investors. A favorable U.S. interest rate environment could encourage more capital flow into Latin American bonds, especially if U.S. yields remain low. Furthermore, an increase in the issuance of project bonds could result from increased interest by U.S. authorities or, in the absence of U.S. interest, multilateral institutions, in prioritizing infrastructure projects in the region. This trend could also see increased participation from ESG-focused investors, as Latin American issuers adapt to global sustainability trends while U.S. based issuers move away from ESG in line with the administration’s priorities.
As Latin American economies seek to grow, there may be increased opportunities for securitization of various cash flows—such as those from infrastructure, real estate, and consumer finance. This could attract international investors seeking higher yields. A robust structured finance market may be available to potential borrowers when there are less than favorable financial terms available in the more traditional debt and credit markets. These types of transactions are typically executed in the bank market or as a private placement of securities to a small group of investors, although in some instances where the deal size exceeds $100 million, sponsors have chosen to tap the Rule 144A market for a wider distribution to investors and increased liquidity.
Finally, the potential for increased U.S.-Latin America trade agreements could bolster confidence among international investors, resulting in more favorable yields for bond issuers. Regional governments may capitalize on this by issuing longer-term bonds to finance infrastructure projects, thus attracting more foreign capital.
Equity Markets
In the equity markets, Latin American companies could benefit from a favorable investment climate if the Trump administration takes steps to foster a business-friendly approach. Increased foreign direct investment from the U.S. could lead to a surge in initial public offerings (IPOs) and secondary offerings for issuers in the region. Sectors that could see significant interest include technology, renewable energy, and agribusiness, as investors seek to diversify their portfolios.
However, equity markets in Latin America could face volatility under a second Trump presidency, driven by fluctuating U.S.-Latin America relations. Despite and as a result of the volatility, international investors could find investment opportunities in emerging tech companies and renewable energy initiatives, especially in countries like Chile and Colombia, which are positioning themselves as leaders in these sectors. The Brazilian markets have been particularly slow after a flurry of activity during the COVID pandemic, although penned up need for capital and investor interest are expected to contribute to a more active market in 2025.
Geopolitical tensions, particularly between the U.S. and China, could further complicate matters for Latin American companies that rely heavily on export markets. A number of tariffs have been levied on various countries and industries during the early days of the second Trump administration, demonstrating that the administration will continue to use tariffs and the threat thereof as a foreign policy tool. Potential equity issuers and investors will certainly monitor how the Trump administration’s policies influence trade relationships and the macroeconomic environment.
ESG Finance
The return of Donald Trump to the White House has resulted in concerns about significant shifts in U.S. climate policy. Although the green bond market for Latin American corporate issuers is expected to grow, diminished political support for ESG investing in Washington could challenge the lending strategies of U.S.-based banks. President Trump has openly criticized ESG regulations, and his administration has advocated for the reversal of climate-related disclosure mandates. The administration is also anticipated to reduce the regulatory authority of federal agencies on issues like air quality, potentially resulting in increased greenhouse gas emissions. Signing a presidential executive order withdrawing the United States from the Paris Agreement was one of President Trump’s first actions as President, which could impact the decarbonization goals of the world’s largest economy.
While climate policy might not be prioritized under President Trump, Latin American companies’ investments in decarbonization and sustainability efforts are likely to ensure a consistent supply of green and other labeled bonds from the region. Global investor demand is expected to remain strong, particularly from investors located outside of the United States. European portfolio managers often have mandates to incorporate ESG fixed income into their portfolios. However, this does not preclude investors—whether in the U.S. or Europe—without such mandates from investing in green bonds, especially if they foresee long-term returns. The demand for these bonds is expected to continue, with a robust buyer base potentially enhancing their performance in secondary markets.
Expectations of inflation under President Trump, partly due to protectionist trade policies, could exert upward pressure on U.S. Treasury yields, affecting Latin American issuers of both ESG and conventional bonds. While rising yields may slightly increase funding costs, they are not anticipated to close the market for Latin American issuers.
One area of concern is the potential impact on multilateral development banks (MDBs) from an anticipated shift away from climate finance under the Trump administration. Given the significant influence of the U.S. on major multilateral lenders, these institutions may face pressure to reduce their focus on ESG strategies. Many market participants have suggested that priorities may shift away from climate issues towards other areas, such as poverty alleviation. This shift would likely reflect changes in priorities from the U.S. Treasury, which holds substantial voting power at institutions like the International Monetary Fund and the World Bank, as well as the Inter-American Development Bank (IDB), where it possesses 30% of the voting shares.
Despite these potential changes, the World Bank Group and the IDB are looking to enhance their role in mobilizing private-sector support for climate-friendly infrastructure projects in the region. However, challenges such as contingent risks associated with infrastructure projects may hinder public-private financing arrangements. These risks raise concerns about repayment flows, which can deter private sector participation in these initiatives.
Finally, Wall Street banks are likely to remain engaged in the ESG market despite potential political shifts in the U.S. This suggests that regardless of the political climate, the financial sector may continue to facilitate the growth of the green bond market in Latin America, driven by global investor interest in sustainable investments.
Securities Law Considerations
Under a second Trump administration, changes in U.S. trade and economic policies could significantly impact the securities markets in Latin America. U.S. federal securities laws, primarily governed by the Securities Act of 1933 and the Securities Exchange Act of 1934 regulate the issuance and trading of securities. Latin American issuers seeking to raise capital from U.S. investors must navigate these regulations, including registration requirements and exemptions such as Rule 144A for private placements to qualified institutional buyers and Regulation D for less widely distributed private placements.
The Trump administration’s expected emphasis on deregulation could lead to a more favorable environment for cross-border investments, potentially easing regulatory constraints for Latin American companies accessing U.S. capital markets. Additionally, the U.S. Securities and Exchange Commission (SEC) might adopt a more lenient stance on compliance requirements, encouraging more Latin American companies to seek U.S. listings or engage in debt offerings to U.S. investors. In the early days of the Trump administration, the SEC has shifted resources away from crypto enforcement and has taken steps to dramatically reduce staff which should result in less regulatory overview with respect to the securities markets. These initiatives, as well as others, highlight the dynamic pace of change within the SEC and should result in a shifting regulatory landscape for issuers and market professionals.
Banking Law Considerations
In the banking sector, U.S. federal laws like the Dodd-Frank Wall Street Reform and Consumer Protection Act and the Bank Holding Company Act regulate the operations of U.S. banks and their international transactions. A deregulatory approach under the Trump administration could reduce compliance burdens, making it easier for U.S. banks to operate and extend credit in Latin America. This may enhance competition and lead to more dynamic banking relationships between U.S. and Latin American financial institutions. Since assuming office in January 2025, Trump has signed a number of executive orders that indicate an aggressive agenda that will have significant effects on the banking industry. The administration has focused on rescinding diversity, equity and inclusion (DEI) initiatives within federal agencies, sought to ease the use of digital assets in the financial system and implemented a freeze on regulatory rulemaking while the administration evaluates its regulatory priorities. These various initiatives could affect the landscape applicable to Latin American borrowers seeking to access the credit markets.
Latin American banks looking to partner with U.S. entities must carefully consider compliance with anti-money laundering (AML) and know-your-customer (KYC) regulations, which are likely to remain stringent regardless of broader deregulatory trends. These regulations ensure the integrity of international banking operations and prevent illicit financial activities.
Conclusion
The return of Donald Trump to the U.S. presidency has already introduced significant shifts in trade, economic, and financial policies affecting Latin America. While increased tariffs and restrictive immigration policies may pose challenges, opportunities in banking, securities, and structured finance could arise from a deregulatory environment and a renewed focus on U.S.-Latin American relations.
Latin American economies will need to strategically navigate these changes to optimize their financial and trade engagements with the U.S. Enhanced cooperation with U.S. financial institutions, coupled with a focus on sectors aligned with global sustainability trends, could create opportunities for Latin American issuers and borrowers.
Ultimately, the ability of Latin American economies to adapt to evolving U.S. policies will be crucial in maintaining economic stability and fostering long-term development in the region. International investors and Latin American issuers and borrowers should remain vigilant, balancing the benefits of increased capital access and investment opportunities with the potential risks posed by geopolitical shifts and regulatory changes. By leveraging strategic partnerships and maintaining robust compliance frameworks, Latin American companies and financial institutions can position themselves to capitalize on emerging trends and mitigate the anticipated challenges.
CFPB Shaken Up While Courts Address Consumer Fraud Obligations Under EFTA and Convenience Fees
The new administration continues to shake up the financial services regulatory environment. The CFPB’s new acting director indicated over the weekend that the agency will not take its next draw of funding from the Federal Reserve, noting the CFPB’s current balance as being more than sufficient. Its acting director has separately told staff to “stand down” from doing work, which has prompted lawsuits by staff. In the short term, the CFPB has already moved to stay multiple pending actions that were filed under the prior administration. Whether the CFPB will resume pursuit of the Rohit Chopra agenda remains to be seen. Notably, in the final two weeks under Chopra’s lead, the CFPB, perhaps seeing the writing on the wall in terms of the Bureau’s funding and direction or even its existence, issued a report calling for the states to pursue initiatives of the agency. See Strengthening State-Level Consumer Protections, CFPB (Jan. 14, 2025).
Some state attorneys general have not needed CFPB prompting. Attorney Letitia James, the AG in New York, is currently pursuing an enforcement action seeking to apply the Electronic Fund Transfer Act (EFTA) to consumer wire transfers. It has generally been accepted that wire transfers are governed by Article 4 of the UCC and are exempt from the EFTA. In its suit, the New York AG nonetheless alleges that consumer wire transfers, which are becoming more prevalent, are subject to the EFTA and therefore banks and credit unions should be liable for fraudulent wire transfers. The defendant in that case filed a motion to dismiss, but the US District Court for the Southern District of New York denied it. In a 62-page order, the Court concluded it would be incompatible with the text and history of the EFTA to find that it did not apply to consumer-initiated wire transfers.
In another recent case, Booze v. Ocwen, the 11th Circuit held that it is a violation of the Fair Debt Collection Practices Act (FDCPA) to collect fees for loan payments (so called “convenience fees”) unless they are expressly provided for in the loan documents. The defendant in that case had contracted with a third party to process payments by phone or online and was charging customers for the privilege of making payments via the intermediary. The Booze decision follows an earlier decision out of the Fourth Circuit, Alexander v. Carrington Mortgage, and a CFPB advisory opinion issued in 2022. Even if the CFPB is not around to enforce its advisory opinion, banks and credit unions that charge convenience fees should be wary of doing so because there are now two federal circuit courts of appeal that have found they violate the FDCPA.
Lessons From 2024 Bank Secrecy Act: Anti-Money Laundering Enforcement Actions
In 2024, FinCEN and the federal bank regulators announced more than three dozen enforcement actions against banks and individuals arising from alleged Bank Secrecy Act (BSA), anti-money laundering (AML), and countering the financing of terrorism (CFT) compliance failures. One of these enforcement actions resulted in record-breaking civil and criminal monetary penalties.
In this article, we summarize certain key compliance failures and issues indicated by these enforcement actions against banks. Rather than focusing on any specific institutions, we focus on broader industry issues. The aim of this article is to provide guidance to BSA officers and the boards of directors and senior management of banks as they consider ways in which their institution’s BSA/AML compliance program might need improvement.1
The Five Pillars
BSA/AML enforcement actions typically cite failures with respect to one or more of the five “pillars” of an effective BSA/AML program: (1) a system of internal controls to assure ongoing compliance; (2) independent testing for compliance; (3) designation of an individual or individuals responsible for coordinating and monitoring day-to-day compliance; (4) training for appropriate personnel; and (5) appropriate risk-based procedures for conducting ongoing customer due diligence (CDD), including, but not limited to, (a) understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and (b) conducting ongoing monitoring to identity and report suspicious transactions and, on a risk basis, maintaining and updating customer information, including customer beneficial owner information. A significant portion of the 2024 enforcement actions cited deficiencies in all of the first four of these pillars, and in many other cases, the bank was required to adopt an improved CDD program.
These are the pillars of an effective BSA/AML compliance program because a failure in any of them is likely to cause a failure in an institution’s overall BSA/AML compliance obligations. The whole foundation can collapse when any pillar is weak. Perhaps most important is the failure to file suspicious activity reports (SARs) when required, which in the end is the primary reason for many of the BSA’s regulatory requirements.
The following discussion of compliance issues does not track the five pillars in the same order as listed in the applicable regulation, because we believe that results in a more logical flow. For example, a discussion of suspicious activity monitoring systems logically follows after discussing institutional risk assessments and customer due diligence because the activity monitoring systems should take these other requirements into account.
Internal Controls
When an examiner cites an institution for weak internal controls, that generally reflects a determination that the institution has weak policies, procedures, or processes to mitigate and manage money laundering and terrorist financing risks. This can mean anything from a poor reporting structure, unclear assignments of compliance responsibilities, poor risk assessments, failures to update policies and processes in response to regulatory changes or changes in the institution’s risk profile, weak suspicious activity monitoring systems, or weak risk rating of customers, among other issues. A bank’s system of internal controls, including the level and type, should be commensurate with the bank’s size, complexity, and organizational structure. When an institution is experiencing BSA/AML compliance weaknesses, that often reflects weak internal controls. In the summaries below, we note which of the deficiencies reflect an internal control weakness.
Board and Management Oversight
The Examination Manual states that the board of directors of each bank is responsible for approving the institution’s BSA/AML compliance program and overseeing the structure and management of the institution’s BSA/AML compliance function. The boards of about half of the banks subject to enforcement actions in 2024 were directed to enhance their oversight of their bank’s BSA/AML compliance program. The board also is responsible for setting an appropriate “culture of compliance” with respect to BSA/AML matters, and when an institution is subject to a particularly serious enforcement action, the directors and senior managers may be fined individually.
Oversight by the board requires that the board receive regular reports from compliance staff on the institution’s BSA/AML program, which reports are part of the institution’s internal controls. This would include, among other things, reports from the BSA officer as to SAR filings, reports on any negative findings in compliance audits, reports on remediation steps to address negative audit results, reports on any changes to the institution’s risk assessments, and reports on any deficiencies in the resources that are allocated to the compliance function.
BSA Officer Deficiencies
The BSA officer is central to the effective function of a BSA/AML compliance program. A few of the enforcement actions in 2024 noted that the bank had designated an ineffective BSA officer or one with no prior banking or BSA officer experience.
Other enforcement actions raised these concerns:
BSA/AML staffing that is not proportionate to the bank’s size, risk profile, and ongoing compliance concerns.
BSA officer without appropriate authority or independence. For example, one institution was criticized for having a BSA officer who did not have unilateral authority to file SARs, such as where a senior manager or a committee consisting of business managers made the ultimate decisions. This authority and independence is important to a sound compliance system, in part to avoid any conflicts of interest.
AML monitoring and compliance staff reporting through business line management rather than directly to the BSA officer, thereby weakening the BSA officer’s authority and independence.
It also is important that all AML compliance staff, even if not designated as an “AML officer,” have appropriate experience in BSA and AML matters.
Training
Banks must provide BSA/AML training to appropriate personnel, including all persons whose duties require knowledge or involve some aspect of BSA/AML compliance. This training should be tailored to the specific functions and positions of each individual within the institution. For example, the board of directors and certain staff may receive more general training than that provided to compliance staff and those individuals processing transactions or new accounts. Training generally should address higher-risk customers and activities, depending on the role of the individual to receive such training. In addition, targeted training may be necessary for specific money laundering, CFT, and other illicit financial activity risks for certain business lines or operational units.
Many of the banks entering into consent orders in 2024 were required to develop and implement a new training program. Banks were cited in 2024 for failure to tailor training for frontline retail branch personnel, to train staff on the “AML typologies and risks” associated with the bank’s products and services, and to train on the specialized red flags for specific business lines or higher-risk activities. At least one bank was criticized for inadequate training on the completion and filing of currency transaction reports (CTRs), resulting in the filing of incomplete or inaccurate CTRs. A robust training program for all aspects of BSA/AML compliance is clearly required for every bank.
Inadequate Compliance Resources
A common finding when an institution is subject to an enforcement action is that the institution did not dedicate sufficient financial and personnel resources to BSA/AML compliance. Multiple institutions were cited in 2024 for this failure, and in at least one case for the failure to invest in improvements to address compliance gaps when those investments were deemed to be too costly. At least one institution was accused of maintaining a compensation system that appeared to provide a disincentive for the BSA officer to incur costs to ensure compliance.
AML staffing also should be proportionate to the bank’s size, risk profile, and any ongoing compliance concerns. When these factors change, an increase in staffing and other resources is often called for.
Inadequate staffing and resources can result in failures in numerous areas of BSA/AML compliance. These failures can include having significant backlogs in addressing suspicious activity alerts, an inability to adequately investigate alerts, and backlogs of customers for whom their relationship with the bank should be severed.
Initial and Ongoing Risk Assessments
Banks’ BSA/AML compliance programs should be risk-based. A well-developed BSA/AML risk assessment assists the bank in identifying its money laundering, CFT, and other illicit financial activity risks and then developing and maintaining appropriate internal controls to address the identified risks. A risk assessment generally involves the identification of specific risk categories (e.g., products, services, customers, and geographic locations) unique to the bank and the bank’s analysis of such risks.
A bank should update its risk assessment from time to time, particularly when there are changes in the bank’s products, services, customers, or geographic locations, when the bank expands through mergers or acquisitions, and in response to regulatory changes, alerts, or negative compliance findings.
Many of the recent enforcement actions directed the bank to develop, implement, and adhere to a revised and ongoing BSA risk assessment methodology. Those risk assessments were to address the risks outlined above and include an analysis of the volumes and types of transactions and service by geographic location and the numbers of customers that typically pose higher or elevated BSA risk for the institution.
All risk assessments then should be used by the institution to develop and implement appropriate risk-mitigating strategies and internal controls. The results of each risk assessment should be reported to the board and appropriate senior management, and they then should require progress reports from the BSA officer with respect to any steps needed to reduce risks to appropriate levels.
Customer Due Diligence, Risk Assessments, and Monitoring
The Examination Manual notes that “[t]he cornerstone of a strong BSA/AML compliance program is the adoption and implementation of risk-based CDD policies, procedures, and processes for all customers….” Conducting ongoing CDD is the fifth pillar of an effective BSA/AML compliance program. Its objective is to enable a bank to understand the nature and purpose of customer relationships, including understanding the types of transactions in which a customer is likely to engage. These processes assist the institution in determining when transactions are suspicious and when a SAR might need to be filed.
CDD should enable the bank to assign risk ratings to each customer, and those risk ratings then should be taken into account when establishing customer transaction monitoring systems, with higher risk customers being subject to more stringent transaction monitoring. Customer risk ratings also should be taken into account in the institution’s overall BSA/AML compliance risk assessments.
If a bank determines through ongoing CDD and transaction monitoring that its information on a particular customer has materially changed, that customer information and risk rating should be updated accordingly. In the event a bank discovers that it failed to identify a customer as being a higher risk customer, the bank should revise its risk rating of the customer and consider conducting a transaction review to determine if suspicious activities were not identified.
A large majority of the banks subject to enforcement actions in 2024 were required to develop and implement a new CDD program. The actions often stated that the CDD program must ensure appropriate collection and analysis of customer information when opening new accounts, when renewing or modifying existing accounts, and when the bank obtains “event-driven information” indicating that it should obtain updated information to better understand the nature and purpose of its customer relationships and generate and maintain an accurate customer risk profile.
Suspicious Activity Monitoring Systems and Processes
Having an effective suspicious activity monitoring system and reporting system is a critical internal control and essential to ensuring that a bank has an adequate and effective BSA/AML compliance program. Without such, an institution is more likely to miss suspicious activities and file appropriate SARs.
Per the Examination Manual, the sophistication of a monitoring system should be dictated by the bank’s risk profile, with particular emphasis on the composition of higher-risk products, services, customers, entities, and geographies. It likely would be inappropriate, however, to use a monitoring system that wholly disregards domestic and supposedly lower-risk transactions, and at least one institution was criticized for that in 2024.
The five key components to an effective monitoring and reporting system are:
Identification or alert of unusual activity, which may include employee identification, law enforcement inquiries, other referrals, and transaction and surveillance monitoring system output.
Managing alerts.
SAR decision making.
SAR completion and filing.
Monitoring and SAR filing on continuing suspicious activity.
A transaction monitoring system may have manual elements. These systems may target specific types of transactions, such as large cash transactions or transactions from foreign geographies, with a manual review of reports generated by the bank’s systems. The type and frequency of reviews and resulting reports used should be commensurate with the bank’s BSA/AML risk profile and appropriately cover its higher-risk products, services, customers, entities, geographic locations, and methods of delivering its products and services.
Automated monitoring systems also are appropriate for most or all banks. These systems, sometimes called “surveillance monitoring systems,” include rule-based systems that apply transaction parameters, scenarios, and filters. In all cases, however, those parameters, scenarios, and filters should be tailored to the bank’s risks, and they should be tested periodically to ensure that they are effective.
We therefore have seen enforcement actions criticizing banks for relying on “off-the-shelf” scenarios provided by its vendor without consideration as to whether those scenarios needed to be tailored to the bank’s business. Some enforcement actions also criticized the bank for failure to conduct appropriate testing and gap assessments of their transaction monitoring system.
Finally, we should note that at least one institution was criticized for appearing to have designed at least portions of its monitoring system to focus more on operational burdens and risks rather than BSA/AML compliance.
Failures to File SARs; Potential Consequences
Not surprisingly, those institutions that were cited for having weak CDD or transaction monitoring programs also were often cited for failures to identify suspicious transactions and file SARs as warranted. At least 16 banks were ordered in 2024 to conduct reviews of prior transactions to determine if any SAR filing might have been missed, sometimes referred to as a “look back” review.
When a look back is required, the institution generally must hire an independent consultant to conduct a review and provide a written report on the bank’s suspicious activity monitoring, investigation, decisioning and reporting, identifying any instances in which the bank failed to file a SAR. The regulator then uses this information to decide what fines it will impose and whether to increase any prior fines. If the results of the look back are very negative, the regulator might also order an expanded look back, going further back in time.
Independent Testing
Banks are required to conduct independent testing or audits (the Examination Manual uses these terms interchangeably) of the bank’s BSA/AML compliance program. The testing can be conducted by the bank’s internal audit department or by qualified third parties, but the auditor never should be involved in business operations or BSA-related functions due to the potential for conflicts of interest or lack of independence. The results of all independent testing should be reported directly to the board of directors or a designated committee thereof that is composed primarily or completely of outside directors.
The Examination Manual directs examiners to obtain and review the independent testing reports, including any scope and workpapers. If the examiner finds that the testing was adequate given the bank’s risk profile, that can comfort the examiner and might lead to a softer-touch examination. If the examiner concludes that the testing was deficient, the bank can expect a rigorous examination.
Several of the banks subject to enforcement actions in 2024 were found by the examiner to have deficient independent testing. In one instance, the examiner concluded that the testing was insufficient in scope given the institution’s risk profile and that it only determined whether controls existed and not if they were in fact being used. In certain other instances when the enforcement action did not specifically criticize prior testing, the bank still was required to perform new independent testing and provide the results to the examiner.
Many other banks were directed to establish a new independent audit program that would address and determine, among other things, the bank’s money laundering, terrorist financing, and other illicit financial activity risks; whether the bank’s policies, procedures, and processes for BSA/AML compliance were appropriate for the bank’s risk profile; whether the bank actually adhered to such policies, procedures, and processes; and whether management took appropriate and timely action to address any deficiencies.
Next Steps
In light of these enforcement actions, there are a number of steps that a bank might want to consider and questions that it might want to ask of itself.
Risk Assessments
Is the assessment of your institution’s money laundering, CFT, and sanctions risks appropriately tailored to your products, services, customers, geographic locations, and your methods of delivering your products and services? Have any of these factors changed since your last risk assessment such that a new risk assessment is advisable? Some institutions might decide that it is appropriate to engage a third party to conduct a new risk assessment, both to obtain an independent view of your risk assessment and so as not to over-burden internal resources who need to focus on day-to-day compliance matters.
Customer Due Diligence
Is your customer due diligence thorough and ongoing? Are customers appropriately risk rated, and is that risk rating adjusted when new information about the customer is obtained? Is customer information and their risk rating incorporated into your transaction monitoring systems? If you rely on a fintech partner or other third party for customer due diligence, you might want to confirm that they are obtaining and updating customer information as needed to ensure BSA/AML compliance.
Transaction Monitoring
Are your transaction monitoring thresholds, filters, and scenarios appropriately tailored to your products, services, customers, geographic locations, and your methods of delivering your products and services? If you are relying on third-party monitoring systems, have you reviewed their thresholds, filters, and scenarios and confirmed that they are appropriate for your institution? Have these thresholds, filters, and scenarios been tested recently?
Independent Testing
Unless your institution recently performed or had performed thorough independent testing, you might want to consider new testing. As with your risk assessments, it might be best to engage a third party to conduct this testing, both to obtain an independent opinion of your organization and so as not to overburden your internal resources who need to focus on day-to-day compliance matters.
Resources
Has your BSA officer or any independent testing provider suggested that additional resources are needed, and have these suggestions been heeded?
Voluntary SAR Look Back
If the results of independent testing or testing of your transaction monitoring system suggests that the institution might have failed to identify suspicious transactions or file SARs, you might want to consider voluntarily conducting a SAR look back. In this way, you might be able to reduce the negative impacts of your next BSA/AML compliance program.
BSA/AML compliance is not inexpensive, but enforcement actions can cost far more. In addition to needing to spend time and money to address the issues raised in the action, and potentially paying fines, banks with serious BSA/AML compliance deficiencies may be blocked for a period of time from offering new products or services, opening new branches, or engaging in acquisitions. A bank that is subject to a consent order or a formal written agreement with its regulator also generally is not an “eligible bank” for purposes of corporate applications, meaning that expedited treatment of those applications is unavailable. For all of these reasons, we recommend that banks take heed to the lessons that can be gleaned from 2024’s round of enforcement actions so as to avoid being a target in 2025 or beyond.
Footnotes
1 This article focuses only on the compliance issues that were raised by the 2024 enforcement actions. We are not attempting to provide a complete guide to BSA/AML compliance, but only to highlight areas in which an examiner concluded an institution was deficient. In order to provide regulatory background, we sometimes draw from the Bank Secrecy Act/Anti-Money Laundering Examination Manual of the Federal Financial Institutions Examination Council, often without attribution but sometimes by referring to the “Examination Manual.”
Navigating Permanent Establishment Risks in Cross-Border Employment
As businesses continue to expand their operations across borders—by engaging contractors, hiring employees, or initiating other revenue-generating activities overseas—understanding permanent establishment risks becomes critical.
The creation of a permanent establishment (PE)—a tax concept that may trigger a company’s obligation to report, file, and pay corporate taxes in a foreign country—represents an additional administrative and financial obligation.
A foundational understanding of PE considerations can help global employers identify and mitigate potential issues—and better know when to seek appropriate professional guidance.
Quick Hits
Tax connections: Establishing a PE can result in the obligation to file corporate taxes abroad.
Local registration: Although PE is primarily a tax concept, it may coincide with requirements to register with local business authorities as a foreign entity conducting business in the country.
Understanding ‘Permanent Establishment’
A company’s business activities may create a significant economic presence that could trigger tax liability abroad. Usually, tax authorities look for revenue-generating activities in which the foreign company is engaged. Some countries have taken the position that if a key element of a product (including, in some instances, the use of intellectual property) is created on their soil that generates revenue—even outside of the relevant countries—the revenue is taxable. The business activities of a company that will trigger a PE are primarily governed by tax treaties between countries, or, in their absence, by local tax laws.
Key Triggers for Permanent Establishment Obligations
Fixed place of business: Traditionally, having a physical office, branch, factory, or any other fixed place where business activities are conducted, establishes a PE. This may include construction or installation projects that last for a certain period. The modern global economy and the rise of remote work, however, have complicated this definition.
Dependent agents: Engaging a dependent agent—whether an employee or an independent contractor who primarily works for the company and has the authority to enter into contracts on its behalf—may also trigger a PE. The agent’s financial dependence and exclusivity to the company are critical factors.
Rendering services: Providing services such as consulting, engineering, or management in a foreign country for a specified duration (often 183 days within 12 months) may establish a PE. This duration may vary by country, with some having shorter periods.
Remote Work and Permanent Establishment Risk
The COVID-19 pandemic has significantly impacted the concept of PE, particularly with the rise of remote work. Initially, many countries considered remote work arrangements as temporary activities that did not establish a PE. But as remote work has become more permanent, tax authorities have increased their scrutiny of these arrangements. Factors such as whether an employee’s home is at the company’s disposal, whether the company pays for home office expenses, the use of the home address for business purposes, and other indicia of company/employer control over the address are often considered by tax authorities in their PE determinations.
Special Considerations and Examples
Intellectual property: In some countries, such as Germany, creating intellectual property within the country and using it for revenue-generating activities abroad may establish a PE.
Sales activities: While supporting sales activities may not trigger a PE, actively selling within a foreign market likely will.
Country-specific rules: Some countries, such as India, have unique rules where employing individuals within the territory, even for non-revenue–generating activities, may trigger a PE.
Mitigating Risk and Maintaining Compliance
Businesses carefully evaluating their cross-border activities to avoid unintended tax obligations may want to consider the following:
Remote work: Do the benefits of allowing employees to work remotely from another country outweigh the potential tax risks? Employers might also consider pushing back on paying remote work expenses to mitigate PE risks.
Contract structuring: Businesses often attempt to mitigate PE risk by structuring contracts such that significant decisions and signatures occur outside the foreign country. Tax authorities might question this strategy, focusing on the substance over the form of the business activities.
Preparatory and auxiliary activities: Activities considered preparatory or auxiliary, such as administrative tasks, research and development, or marketing support, generally do not establish a PE. However, sales activities that directly generate revenue in the foreign country may fall within a gray area.
Tax professionals: Engaging tax advisors to navigate the complex and evolving landscape of international tax laws and treaties often makes good sense.
Conclusion
Understanding, strategically planning for, and managing permanent establishment risks are crucial steps for businesses operating abroad. While labor and employment attorneys and HR professionals may not specialize in tax law, they play a vital role in issue-spotting and ensuring that potential tax implications are addressed with the help of seasoned tax professionals. By staying informed and proactive, businesses can navigate PE complexities and considerations, avoid unintended tax consequences, and maintain compliance in the global marketplace.
Where Is Corporate Venture Capital Headed In 2025, And Will It Lead To More M&A?
Corporate Venture Capital (CVC) investment is an increasingly used strategic tool that enables large corporations to make minority investments in startups that will complement and expand their existing products or services. This type of investment can be highly beneficial as it can provide strong financial returns, as well as access to innovation, without the time and heavier expense load of in-house research and development (R&D) projects.
While many would think that an eventual merger, acquisition, or other type of M&A transaction would be the end goal of CVC investment, a recent analysis by PitchBook indicates that despite elevated CVC activity over the past 10 years, it has not resulted in much M&A. According to their data, from 2014 to 2024, CVC has made up more than 46% of total VC deal value and 21% of deal count. However, despite having invested a vast amount of capital, very little of this investment has translated to acquisitions.
To put it into perspective, their data shows that since 2000, below 4% of CVC-backed companies were acquired by an existing CVC investor. So, why aren’t more CVCs moving toward acquisitions, especially as their approach typically involves looking for companies who could provide great returns and complement or expand their existing products? The definition of what a strategic return looks like can vary greatly among CVCs. It could be access to new technologies or markets, driving innovation, competitive advantage, a boost to public image, or many other motivating factors. But for only a small fraction of CVCs, a strategic return yields an acquisition.
PitchBook points to several factors that might explain why M&A is not always their “end goal,” such as stage preference. CVC investors tend to focus on later-stage investment. This is due in large part to their interest in companies that have reached a more mature stage of product development and pose a lower risk. While some CVCs focus on earlier-stage investment, the asset class as a whole favors later-stage investment. It is simply more difficult and costly to integrate a company in its later stages into a larger corporation. And for those investing in earlier-stage startups, there are, of course, more risks that go along with acquisitions of these companies, as well as a higher risk of failure.
CVCs might also be motivated by a need for flexibility and options. As a minority stakeholder, they can have great insight into a startup’s innovation, inner workings, and competitive position with minimal risk. As conditions change, they still have the ability to pivot. That becomes much more difficult once they enter into an acquisition. There is also the issue of investing in complementary businesses versus those that you want to integrate into your corporation. Investing in a startup that is complementary to yours that allows access to new technologies or innovations does not necessarily mean it makes sense to then fully integrate it into your organization.
Additionally, the goals of the startup may not be aligned with CVC M&A. CVCs are targeting later stage startups in larger numbers. At this stage, founders often have their sights set on an IPO as opposed to an acquisition, and even if their goal is to be acquired, there is likely more than one interested party, making the competition fierce. An IPO or sale to another buyer could still allow a CVC to realize some significant returns without going through the acquisition process.
While the goal of a startup might not be an acquisition by its corporate investors, there are some significant benefits that come with corporate investment. A study conducted by Global Corporate Venturing showed that startups that had corporate investors saw their risk of bankruptcy cut in half, as well as an increase in exit multiples in the case of an acquisition or IPO. This is likely due in large part to the additional advantages that can accompany corporate investment as opposed to traditional VC investment. These could include access to invaluable knowledge, facilities, distribution channels, or strategic partnerships. Corporate investment can also help to boost the profile of a startup, enhancing its visibility, providing validation, as well as a greater sense of stability.
There are many reasons why the actual number of acquisitions by CVCs is so low. It truly depends on the motivating factors of the company and what makes the most sense based on their short and long-term goals, as well as those of the startup. However, it is clear that CVC investment can come with incredible benefits for startups, and it is showing no signs of slowing down anytime soon.