US Halt on Foreign Anti-Corruption Enforcement Prompts New European Taskforce
Approximately two weeks ago, British, French and Swiss law enforcement authorities announced the creation of a new international alliance. With their joint Founding Statement (“Statement”), the three countries established the International Anti-Corruption Prosecutorial Taskforce (“Taskforce”) to tackle the threat of bribery and corruption. Though statements made by one of the three signing officials note that the launch of this new organization is “in no way a reaction to” the recent US pause on Foreign Corrupt Practices Act (“FCPA”) enforcement, the timing of this debut coupled with the conspicuously absent American presence from the taskforce suggests otherwise.
The nascent organization was launched on March 20, 2025, via a collective statement promulgated by the United Kingdom’s Serious Fraud Office, France’s Parquet National Financier, and the Office of the Attorney General of Switzerland. The Statement succinctly sets out the Taskforce’s aims in a single page. Beginning by recognizing the “significant threat of bribery and corruption and the severe harm that it causes,” the Statement then reaffirms its commitment to tackling such. It subsequently sets out two subgroups that will be formed: a “Leaders’ Group” that will focus on “the regular exchange of insight and strategy” and a “Working Group” that will “devis[e] proposals for co-operation on cases.” This is intended to strengthen cooperation and will also involve enhanced operational exchanges in the handling of individual cases, as well as the development of a broader framework for reflection on international anti-corruption strategy. The Statement concludes by extending an open invitation for other “like-minded agencies involved in tackling international bribery and corruption to join the Taskforce.”
Given the short timespan between the birth of this international organization and the Trump administration’s recent policy changes pausing FCPA enforcement, there has been a good deal of speculation that these two developments bear some relation to one another.
The policy changes related to FCPA-related prosecution began with a memorandum issued by U.S. Attorney General Pam Bondi on February 5, 2025 — the same day that she was sworn in. In one of her fourteen “Day One” memos, she stated that “[t]he Criminal Division’s Foreign Corrupt Practices Act Unit shall prioritize investigations related to foreign bribery that facilitate[] the criminal operations of Cartels and TCOs, and shift focus away from investigations and cases that do not involve such a connection.”
On February 10, 2025, President Trump followed up by issuing Executive Order 14209 (“Order”), “Pausing Foreign Corrupt Practices Act Enforcement to Further American Economic and National Security,” in which he implemented a 180-day “review period” during which — among other items — no new FCPA investigations or enforcement actions may be brought barring the approval of the Attorney General. During this time, all current FCPA investigations or enforcement actions are also under scrutiny, as the Order notes that “appropriate action” will be taken with respect to existing matters “to restore proper bounds on FCPA enforcement.” The Order also provides for an additional 180-day extension to this review period should the Attorney General deem it appropriate.
Though the newly formed Taskforce has yet to take any affirmative steps since its inception, its very creation has signaled European dissent from President Trump’s policy shift regarding the FCPA prosecution. Despite a recent shift in American prosecution away from FCPA matters, businesses should still take precautions to remain in compliance with all applicable laws or risk facing consequences from any number of regulators — at home or abroad.
Going Nuclear–Industry Outlook and Issues
The nuclear energy industry continues to gain momentum and has a strong outlook for 2025 and beyond. This positive forecast is buoyed by support from both major political parties, increased demand, technical advancements, and some out-of-the-box thinking for deploying existing assets. There have also been a few notable judicial and legislative developments that are contributing to what some hope will be the realization of a long-promised nuclear renaissance.
Outlook for 2025 and Beyond
The new year is already off to a good start for nuclear power generation.
Expansion of the Price-Anderson Act
First, the US Court of Appeals for the Federal Circuit recently advanced a broad interpretation of the Price-Anderson Act that will expand the definition of private parties covered for certain nuclear accidents. This positive development broadens who can take advantage of government indemnification under the Price-Anderson Act, encouraging new parties to participate in the nuclear market. We wrote about this development and its impact on limiting private liability for nuclear accidents here.
Nuclear Market Growth
Second, a dynamic nuclear market appears to be taking root. As Nuclear Business Platform reports: (1) small modular reactors (SMRs) should lead the way in 2025, with several designs under development and NuScale Power Corporation achieving US Nuclear Regulatory Commission (NRC) certification; (2) increased demand from data centers and artificial intelligence should continue to drive new generation; (3) a positive financing environment for nuclear projects also appears to be in place; (4) new technology developments in both reactors and fuels from a variety of private market players should support further growth; and (5) new market participants in India, Turkey, and Africa will also support continued advancements and efficiencies.
Nuclear-Powered Hydrogen
Third, the US nuclear industry continues to evaluate opportunities for using nuclear fuel as an electricity source to produce hydrogen following the US Department of the Treasury’s final changes to the 45V clean hydrogen production tax credit, which exempt (with some restrictions) existing and future nuclear power plants from the additionality requirements imposed on other renewable energy sources. US nuclear leaders, along with EDF Energy’s initiatives in France and Japan’s High Temperature Engineering Test Reactor, could carve out a new generation space.
Global Agreements to Support Nuclear Power
Fourth, a collection of large tech companies, financial institutions, and members of the nuclear industry announced a pledge at the CERAWeek conference to “triple global nuclear capacity by 2050.” The coalition, including Amazon, Meta, Google, key nuclear power associations, and 31 countries, committed to supporting the rapid expansion of global nuclear power through financial investment, aggressive political advocacy, and global cooperation.
Palisades Nuclear Plant Set to Restart
Fifth, on Monday, 17 March, the US Department of Energy (DOE) approved a nearly US$57 million loan disbursement to Holtec for the Palisades Nuclear Plant in Covert, Michigan. The Palisades plant, retired in 2022, could be the first commercial reactor in the country brought back into service after being previously shut down. US Energy Secretary Chris Wright called the disbursement “yet another step toward advancing President Trump’s commitment to increase domestic energy production, bolster our security and lower costs for the American people.” The Palisades plant will have to receive approval from the NRC to resume operation.
World Bank Set to Invest in Nuclear Projects
Sixth, on Thursday, 20 March, the head of the World Bank announced that he had petitioned the bank’s board of directors to reverse its policy against investing in nuclear energy projects. Ajay Banga, the World Bank president, called small nuclear reactors “transformative and safe,” and he stated that nuclear power could be a viable path to green power for developing countries.
Support for Nuclear from the Trump Administration
Finally, the Trump administration has released several statements and executive orders promoting new nuclear generation. On his first day in office, President Trump issued the “Unleashing American Energy” executive order, which directed agencies to identify, revise, or rescind any regulations that “unduly burdened” domestic energy production. Among the domestic energy sources identified as key domestic resources, nuclear energy was included. President Trump, along with Secretary of Energy Chris Wright and Secretary of the Interior Doug Burgum, have expressed public support for increasing nuclear capacity as a reliable source of baseload power for the US electrical grid.
2024 in Review
The promise of 2025, and beyond, comes on the heels of an extremely successful 2024 in the commercial nuclear industry. DOE recently summarized the major nuclear achievements from 2024.
New Reactors Come Online in Georgia
Vogtle 4 entered commercial service on 29 April 2024. Plant Vogtle is now the largest clean power generator in the country and is home to two Westinghouse AP1000 reactors. These are the first new builds in the United States in more than 30 years.
Significant Restart and Recommissioning Activity Is on the Horizon
DOE closed a US$1.52 billion loan to repower and upgrade the Palisades nuclear power plant in Michigan. This would be the first reactor ever recommissioned in the United States, if approved by the NRC. Holtec’s decision to recommission Palisades is significant because the company originally purchased the plant with plans to decommission the plant at a profit. Holtec’s decision to stick with the plant provides a clear signal as to the improved economics and demand for nuclear power generation. The DOE loan was made possible by the Inflation Reduction Act.
In addition to Palisades, Constellation Energy recently announced its plans to restart Three Mile Island Unit 1, thanks to a 20-year power purchase agreement with Microsoft to power its data centers. The plant will be renamed the Crane Clean Energy Center and is expected to be online in 2028, pending regulatory approval.
The United States Announces Nuclear Generation Goals
The Biden administration released nuclear deployment targets in 2024 to expand domestic capacity by 200 gigawatts (GW). The plan outlines more than 30 actions the US government can take to add 35 GW of new capacity by 2035 and achieve a sustained pace of 15 GW per year by 2040. Most of that capacity could come from existing power plant sites. Research also shows that US nuclear power plants could host up to 95 GW of new capacity. An additional 174 GW could also be built near US coal plants, depending on the reactor type. The Trump administration has not specifically endorsed the Biden plan, but, as discussed above, the Trump administration has expressed support for a “nuclear renaissance.”
Strides Being Made in Development of a Domestic Nuclear Fuel Supply
Multiple companies are participating in low-enriched uranium and high-assay, low-enriched uranium capacity building programs sponsored by DOE. The US$3.4 billion effort will allow the awardees to bid on future task orders to produce, store, and deconvert material that can be fabricated into fuel for current and future reactors. The United States also took crucial steps toward strengthening our domestic energy security by issuing a ban on imported uranium products from Russia.
New Technologies Are Under Development
DOE-supported projects started in 2024 will bring the United States one step closer to the deployment of new advanced small modular and microreactor systems. TerraPower started nonnuclear construction on a sodium test facility in support of its Natrium reactor in Kemmerer, Wyoming. The Department of Defense broke ground on its Project Pele microreactor at Idaho National Laboratory. X-energy, which is already developing its high-temperature, gas-cooled reactor technology with Dow in Texas, announced a commitment from Amazon for a 320-megawatt project with Energy Northwest in Washington State. Kairos Power also started construction on its Hermes reactor in Oak Ridge, Tennessee. The project is one of several projects being supported through DOE’s Advanced Reactor Demonstration Program.
DOE Launched a US$900 Million Program to Demonstrate up to Two Advanced Light-Water Small Modular Reactor Systems in the United States
The new program encourages a consortium-based approach to lower the risk of deploying new reactor technologies. It will also facilitate multi-reactor order books and provide additional support to build out the advanced light-water reactor supply chain.
The ADVANCE Act to Address the Speed of Licensing New Reactors
Four years after President Trump signed the 2019 Nuclear Energy Innovation and Modernization Act, President Biden signed another key bipartisan bill known as the ADVANCE Act to help speed up the deployment and licensing of new reactors and fuels. The new bill helps develop a modernized approach to licensing new reactor technologies. The bill also makes strides to develop guidance for smaller reactor technologies and advanced fuel cycles.
In response to Congress’s legislation directing NRC to develop new frameworks for licensing nuclear technology, NRC is currently in the process of crafting two new regulatory processes—one for advanced reactor technology like SMRs and microreactors, and another for fusion energy machines under the byproduct materials rule. The new licensing regulations are designed to streamline applications to NRC and allow for design-specific safety reviews of first-of-a-kind reactor technology. The final rule for advanced reactor technology is expected to be issued in summer 2026, and the proposed rule for fusion machines is expected to be published in May 2025.
Further, in February 2025, NRC published its proposed fee schedule fiscal year 2025. The new fee schedule would reduce the hourly fee for advanced reactor pre-applicants and applicants by 50%, from US$146/hour to US$323 per hour. The rule is set to take effect on 1 October 2025.
New Areas of International Cooperation Were Put Forward
DOE launched the world’s first two regional Clean Energy Training Centers in Poland and Ghana this year to jump-start the countries’ domestic civil nuclear energy programs. The centers will serve the regions as training hubs for countries considering new or expanded nuclear reactor deployments and will build on previous international agreements to grow global nuclear energy capacity.
Additional Proposed Solutions to Deal with Spent Nuclear Fuel
DOE is moving forward on a project to design, build, and operate a federal consolidated interim storage facility for spent nuclear fuel that would be sited through DOE’s consent-based siting process. The facility would be licensed by NRC and initially built to store around 15,000 metric tons of spent nuclear fuel, with options to expand. It would also include the development of new modern railcars to transport the spent fuel.
The firm is actively monitoring the exciting growth of nuclear power in the United States and across the world. As nuclear policy continues to evolve, and opportunities in the nuclear industry continue to grow, the energy, policy, and regulatory professionals at the firm stand ready to help guide you through the exciting developments happening now in nuclear energy.
US Customs and Border Protection Issues Guidance on Reciprocal Tariffs
US Customs and Border Protection (CBP) issued guidance on its Cargo Systems Messaging Service[1] on April 4, 2025 implementing the first round across-the-board 10% duty under the President’s reciprocal tariff executive order (the Reciprocal Tariffs EO), and issued additional guidance on April 8, 2025 concerning the Reciprocal Tariffs EO’s second round of country-specific tariffs (together, the CBP Guidance). The 10% duty went into effect on April 5 and the country-specific tariffs are effective on April 9, 2025. Both are imposed on most goods imported into the US, with narrow exceptions.
Tariff HTSUS Codes
A Harmonized Tariff Schedule of the United States (HTSUS) code is a unique classification used to identify and categorize goods for import and export purposes. These codes help determine the applicable tariff rates and regulations for specific items entering the US.
10% Worldwide Tariff
The CBP Guidance requires importers to use HTSUS code 9903.01.25 when filing entry summaries for all imported goods subject to the 10% tariff. This applies to goods entered for consumption, or withdrawn from warehouse for consumption, on or after 12:01 a.m. EDT on April 5, 2025, unless they are subject to country-specific tariffs or fall under one of the exceptions listed below.
Country-Specific Tariffs
The CBP Guidance also requires importers to apply the following country-specific HTSUS code listed in Annex I of the Reciprocal Tariffs EO. These country-specific ad valorem duty rates will replace the 10% additional ad valorem duty under HTSUS code 9903.01.25. This applies to goods entered for consumption, or withdrawn from warehouse for consumption, on or after 12:01 a.m. EDT on April 9, 2025, unless they fall under one of the exceptions listed below.
HTSUS codes for select countries are set forth below; the full list is available in Annex I.
9903.01.50: Articles the product of Jordan or the European Union (Austria, Belgium, Bulgaria, Croatia, Cyprus, Czechia, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden) will be assessed an additional ad valorem rate of duty of 20%.
9903.01.53: Articles the product of Brunei, Japan, or Malaysia will be assessed an additional ad valorem rate of duty of 24%.
9903.01.54: Articles the product of South Korea will be assessed an additional ad valorem rate of duty of 25%.
9903.01.55: Articles the product of India will be assessed an additional ad valorem rate of duty of 26%.
9903.01.63: Articles the product of China, including Hong Kong and Macau, will be assessed an additional ad valorem rate of duty of 34%.
9903.01.72: Articles the product of Vietnam will be assessed an additional ad valorem rate of duty of 46%.
Exceptions
The above tariffs do not apply to goods that fall within one of the following categories. Importers should not use the HTSUS codes listed above and should instead use the alternate HTSUS codes listed below:
9903.01.25 – Goods in transit with country-specific rates: Goods from countries with a country-specific duty rate are loaded onto a vessel in transit on or after 12:01 a.m. EDT April 5, 2025, and before 12:01 a.m. EDT April 9, 2025, and entered for consumption or withdrawn from warehouse for consumption before 12:01 a.m. EDT May 27, 2025, are subject to the 10% additional tariff, rather than the country-specific rate.
9903.01.26 – USMCA-origin goods from Canada: Goods that originate in Canada, including those entered free of duty under the United States-Mexico-Canada Agreement (USMCA).
9903.01.27 – USMCA-origin goods from Mexico: Goods that originate in Mexico, including those entered free of duty under the USMCA.
9903.01.28 – Goods in transit: Goods loaded onto a vessel at the port of loading before 12:01 a.m. EDT on April 5, 2025, and entered for consumption or withdrawn from warehouse on or after this date. Notably, CBP clarifies that importers have until 12:01 a.m. EDT on May 27, 2025 to declare these items to use this code.
9903.01.29 – Goods from sanctioned countries: Articles from countries subject to US sanctions (e.g., Belarus, Cuba, North Korea, Russia).
9903.01.30 – Donations for humanitarian purposes: Donations intended for human suffering relief, such as food, clothing, and medicine.
9903.01.31 – Informational materials: Goods considered informational materials, such as books, films, photos, microfilm, and news wire feeds.
9903.01.32 – Articles in Annex II: Goods specifically enumerated in Annex II.
9903.01.33 – Iron, steel, aluminum, and vehicle parts: Certain articles of iron, steel, aluminum, and passenger vehicles or light trucks, as well as parts subject to Section 232 actions.
9903.01.34 – Goods with US content: Articles with at least 20% US-origin content will not be subject to tariffs under the Reciprocal Tariffs EO on the US portion; only the non-US content will be tariffed.
The above tariffs also do not apply to goods that are properly entered under certain provisions of HTSUS Chapter 98, as long as they meet CBP’s regulations. However, there are important exceptions:
9802.00.80 – Articles assembled abroad: Additional duties will apply to the value of the assembled article from abroad, minus the cost of any US-made parts.
9802.00.40, 9802.00.50, and 9802.00.60 – Repairs, Alterations, or Processing: Additional duties apply to the value of the work done abroad.
Tariff Mitigation Strategies
De Minimis Exemption
As noted in our previous client alert, shortly after releasing the Reciprocal Tariffs EO, the Trump Administration issued another executive order announcing that the $800 de minimis exemption would not be available for goods originating in or shipped from China and Hong Kong. CBP’s guidance confirms that the exemption remains available for shipments from other countries—at least for now. Importers sourcing low-value goods from non-Chinese suppliers may continue to rely on Section 321 entry, though future limitations could be imposed.
Foreign Trade Zones (FTZs)
The guidance reiterates that goods entered into FTZs under privileged foreign (PF) status are subject to the reciprocal tariffs upon withdrawal. This means that even if importers process or assemble goods within the FTZ, they will still be subject to the reciprocal tariffs upon withdrawal for US consumption.
Duty Drawback
In our prior client alert, we noted that the Reciprocal Tariffs EO did not restrict duty drawback—suggesting the possibility of recovery. CBP has now confirmed that duties paid under the reciprocal tariff are eligible for drawback, an important clarification. Duty drawback provides flexible opportunities for relief, including:
Unused Merchandise Drawback – For goods exported without use in the US.
Manufacturing Drawback – For imported components used in goods that are exported out of the US.
Rejected Merchandise Drawback – For defective or nonconforming goods returned or destroyed under CBP supervision.
Third-Party Drawback Agreements – Importers without sufficient exports may partner with exporters to share drawback benefits.
Critically, across many drawback categories, the exported items need not be identical to the imported goods—as long as they share the same 8-digit HTSUS classification, they may qualify for drawback. This classification-based matching significantly expands eligibility and should be evaluated as part of any mitigation strategy.
Conclusion
The CBP Guidance offers critical clarity on tariff scope and administration while reinforcing the importance of compliance strategies. Importers should take proactive steps to prepare for the new tariffs by reviewing their operations and identifying potential mitigation strategies. This includes auditing HTSUS classifications to ensure accuracy, including the appropriate Chapter 99 codes for exemptions. Importers should also evaluate their supply chains to determine opportunities for sourcing alternatives or utilizing FTZs. Exploring duty drawback options is key, and importers should consider formalizing these programs where appropriate. It is essential to stay informed on any additional guidance, particularly regarding the country-specific tariffs effective on April 9. Early engagement with legal or trade advisors will help minimize exposure and facilitate compliance.
We continue to monitor developments and are available to assist clients in navigating this evolving landscape. For additional information, please contact the International Trade Controls team.
[1] We note that while CBP implemented the February and March tariffs imposed on Canada, Mexico, and China through Federal Register notices, it used the Cargo Systems Messaging Service (CSMS) for its most recent announcement on the reciprocal tariffs (and may follow up with Federal Register notices). The reason for this deviation from the norm is unclear (and may be simply a result of the fast-moving pace of changes to tariff policy), but industry should be aware of the distinction and should monitor CSMS as well as the Federal Register for changes.
DORA Compliance: Navigating the Latest Developments
On 24 March 2025, the following two developments relating to the implementation of the EU Digital Operational Resilience Act (DORA) took place:
the European Commission (Commission) adopted a Delegated Regulation supplementing DORA with regard to regulatory technical standards (RTS) on the subcontracting of information communication and technology (ICT) services that support critical or important functions (Subcontracting RTS); and
the Delegated Regulation supplementing DORA regarding the RTS to specify the criteria for determining the composition of the joint examination team was published in the Official Journal of the European Union (OJEU) (JET RTS).
In addition, on 27 March 2025, the Commission published a press release (Press Release)setting out its decision to open infringement procedures against certain EU member states for failing to fully transpose the Directive on DORA (DORA Directive) into their national law.
Subcontracting RTS
The Commission has adopted the Subcontracting RTS, which specifies the elements that a financial entity must determine and assess when it permits its ICT third-party providers (TPPs) to subcontract ICT services supporting critical or important functions (or material parts of such functions).
The Commission initially rejected a version of the draft Subcontracting RTS due to concerns that requirements introduced went beyond the mandate given to the European Supervisory Authorities (ESAs). Further information regarding such rejection of the draft Subcontracting RTS can be found in our previous article (available here).
The most significant change since the previous draft of the Subcontracting RTS is the deletion of Recital 5 and Article 5, which would have included mandatory contract content requirements relating to ongoing monitoring of the chain of ICT subcontractors providing ICT services supporting critical or important functions.
Nevertheless, in-scope financial entities will still have to monitor their subcontracting supply chains:
financial entities must still maintain an adequate register of information, which may in turn trigger indirect supply chain monitoring obligations (including contractual obligations) on TPPs; and
the Subcontracting RTS still include certain flow down requirements in relation to TPPs subcontracts, which were not rejected by the Commission.
In summary, the Subcontracting RTS:
establish the rules on proportionality and group application;
set out rules on due diligence and risk assessment regarding the use of subcontractors supporting critical or important functions;
establish the description and the conditions under which ICT services supporting a critical or important function may be subcontracted; and
contain the rules on material changes to subcontracting arrangements of ICT service supporting critical or important functions and the provisions on the termination of contractual arrangements.
The Subcontracting RTS will enter into force on the twentieth day after its publication in the OJEU.
JET RTS
The JET RTS were published in the OJEU on 24 March 2025. This follows the Commission’s adoption of the JET RTS in December 2024.
The JET RTS have been developed under a mandate contained in Article 41(2) of DORA. The aim of the JET RTS is to ensure a balanced participation of staff members from the ESAs and from the relevant competent authorities, and to establish arrangements for their designation, tasks and working arrangements of team members.
The JET RTS will come into force on 13 April 2025 (i.e., 20 days after publication in the OJEU).
Non-transposition of DORA Directive
Member states were required to transpose the DORA Directive into national law by 17 January 2025.
The Commission has sent a letter of formal notice to 13 member states (i.e., Belgium, Bulgaria, Denmark, Greece, Spain, France, Latvia, Lithuania, Malta, Poland, Portugal, Romania and Slovenia) for failing to fully transpose the DORA Directive. These member states now have two months to respond and to complete their transposition and notify their measures to the Commission. In the absence of a satisfactory response, the Commission may decide to issue a reasoned opinion.
In the Press Release, the Commission explains how full implementation of DORA is key to strengthen the digital operational resilience of financial entities across the EU.
The Subcontracting RTS, the JET RTS and the DORA Directive are available here, here and here, respectively.
DOJ Rule Restricting Sensitive Data Transfers Takes Effect
Today, April 8, 2025, the U.S. Department of Justice’s Final Rule restricting transfers of bulk sensitive personal data and U.S. government-related data becomes effective, implementing former President Biden’s Executive Order 14117 – Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern (the “Final Rule”). The Final Rule aims to protect U.S. national security by restricting certain data transactions with covered persons or countries of concern, which currently include Russia, Iran, North Korea, Cuba, Venezuela, and China (including Hong Kong and Macau). U.S. businesses must work now to ensure compliance and avoid significant penalties for violations.
The Final Rule defines many key terms such as “covered data transaction,” “country of concern,” “U.S. person,” “covered person,” “bulk U.S. sensitive personal data,” “government-related data,” “human ‘omic data,” and “knowingly,” while providing examples of restricted transactions. Ultimately, the Final Rule prohibits certain transfers of U.S. government related data and bulk U.S. sensitive personal data to covered persons (see §202.243 Prohibited Transaction), adopting a 50% ownership threshold to capture certain foreign persons as covered persons akin to Office of Foreign Assets Control (OFAC) sanction designations for covered persons (see §202.211 Covered Person).
U.S. government-related data means certain precise geolocation data, regardless of volume, explicitly enumerated in the rule and any sensitive data, regardless of volume, linkable to current or recent employees of the U.S. government (see §202.222 Government-Related Data and §202.1401 Government-Related Location Data List).
While bulk U.S. sensitive personal data means any amount of sensitive personal data that meets or exceeds the following thresholds at any point in the preceding 12 months, whether through a single covered data transaction or aggregated across covered data transactions involving the same U.S. person and the same foreign person or covered person:
Human ‘omic data collected about or maintained on more than 1,000 U.S. persons, or, in the case of human genomic data, more than 100 U.S. persons (human ‘omic data includes human genomic data, human epigenomic data, human proteomic data, and human transcriptomic data, but excludes pathogen-specific data embedded in human ‘omic data sets);
Biometric identifiers collected about or maintained on more than 1,000 U.S. persons;
Precise geolocation data collected about or maintained on more than 1,000 U.S. devices;
Personal health data collected about or maintained on more than 10,000 U.S. persons;
Personal financial data collected about or maintained on more than 10,000 U.S. persons;
Covered personal identifiers collected about or maintained on more than 100,000 U.S. persons; or
certain data combinations of (a) – (f) combined data (see§202.205 Bulk and 202.206 Bulk U.S. Sensitive Personal Data).
Prohibited Transactions
The Final Rule prohibits U.S. persons from:
Knowingly engaging in any covered data transaction involving data brokerage with a country of concern or covered person; a covered data transaction is any transaction that involves any access by a country of concern or covered person to any government-related data or bulk U.S. sensitive personal data and that involves: (a) data brokerage; (b) a vendor agreement; (c) an employment agreement; or (d) an investment agreement (see 202.301 Prohibited Data-Brokerage Transactions and §202.210 Covered Data Transaction).
Knowingly engaging in any transaction that involves any access by a foreign person to government-related data or bulk U.S. sensitive personal data and that involves data brokerage with any person unless the foreign person is contractually restricted from engaging in a subsequent covered data transaction involving data brokerage of the same data with a country of concern or covered person and the U.S. person reports any known or suspected violation of the contractual requirement (see 202.302 Other Prohibited Data-Brokerage Transactions Involving Potential Onward Transfer to Countries of Concern or Covered Persons).
Knowingly engaging in any covered data transaction with a country of concern or covered person that involves access by that country of concern or covered person to bulk U.S. sensitive personal data that involves bulk human ‘omic data, or to certain human biospecimens (see 202.303 Prohibited Human `Omic Data and Human Biospecimen Transactions).
Knowingly directing any transaction that would be a prohibited transaction or a restricted transaction that fails to meet the applicable requirements if such transaction was engaged in by a U.S. person (see 202.305 Knowingly Directing Prohibited or Restricted Transactions).
Evading or avoiding, causing a violation of, or attempting to violate these prohibitions (see 202.304 Prohibited Evasions, Attempts, Causing Violations, and Conspiracies).
The prohibited transactions are categorically prohibited unless otherwise authorized pursuant to an exemption, general license, or specific license.
Restricted Transactions
The Final Rule creates a set of restricted transactions, including a vendor agreement, employment agreement, or investment agreement as to which U.S. persons may engage if the U.S. person complies with certain cybersecurity program requirements published by Cybersecurity & Infrastructure Security Agent (CISA), as well as reporting and recordkeeping requirements (see §202.401 Authorization to Conduct Restricted Transactions).
Exempted Transactions
The Final Rule exempts the following categories of transactions that would otherwise be prohibited or restricted transactions:
Personal Communications
Information and Informational Materials
Travel
Official Business of the U.S. Government
Financial Services
Corporate Group Transactions
Transactions Required or Authorized by Federal Law or International Agreements, or Necessary for Compliance with Federal Law
Investment Agreements Subject to CFIUS Action
Telecommunication Services
Drug, Biological Product, and Medical Device Authorizations
Other Clinical Investigations and Post-Marketing Surveillance Data (see Exempt Transactions §§202.501 through 202.511)
Licensing and Advisory Opinions
The Final Rule provides for processes to obtain licenses authorizing otherwise prohibited or restricted transactions (see Licensing §§202.801 through 202.803). Additionally, the Final Rule provides the ability to apply for advisory opinions as necessary (see Advisory Opinions §202.901).
Reporting and Recordkeeping Requirements
The Final Rule enacts compliance requirements for due diligence, audits of restricted transactions, as well as other record keeping and annual reporting requirements. The reporting requirements include an obligation to file an annual report of certain restricted transactions becoming effective on October 6, 2025 (see Reporting and Recordkeeping Requirements §§202.1101 through 1104).
Penalties
The Final Rule provides substantial civil and criminal penalties for violations. Civil penalties can reach the greater of $368,136 or an amount that is twice the amount of the transaction (subject to adjustment for inflation). For willful violations, criminal penalties include $1 million fines and up to 20-year imprisonment (see Penalties and Finding of Violation §§202.1301 through 202.1306).
Conclusion
The Final Rule becomes effective today April 8, 2025. U.S. businesses that collect, maintain, or transfer sensitive personal data, or government-related data, should carefully review their business activities alongside related data collection and transfer policies. Then the U.S. business may assess potential exposure to liability under the Final Rule, making any necessary policy adjustments for covered data transactions to ensure ongoing compliance for data collection and transfers.
Europe: UK’s FCA Axes Proposed “Name and Shame” and D&I Requirements, and Delays Non-financial Misconduct Rules
The UK’s Financial Conduct Authority had proposed a so-called “name and shame” approach that would have allowed it, subject to certain safeguards, to disclose its investigations into firms publicly at an early stage (see our earlier blog); however, following significant criticism from the financial industry and Parliament—largely highlighting risks that early disclosure could potentially cause irreversible damage to firms, including those later cleared of any wrongdoing—the FCA has abandoned the proposal.
It has, however, retained its existing ability to make a public announcement that it is or is not investigating a matter in “exceptional circumstances”. Existing guidance suggests that the FCA might, for example, do this where it needs to confirm that it is investigating something where there is public concern or speculation. It might also, exceptionally, publish details of an investigation’s findings if the fact of the investigation has become public and the FCA has found that the investigation was unwarranted.
The FCA had also sought to require financial services firms to collect and report diversity data, and set diversity and inclusion (D&I) targets, with a view to encouraging more inclusive workplaces. However, industry detractors argued that the FCA’s proposed mandatory D&I rules could become an onerous “tick-box” exercise. Instead, the FCA has reverted to its original position of encouraging financial institutions to adopt their own voluntary approaches to improving diversity.
Despite recent high-profile cases, and a Treasury Select Committee report titled “Sexism in the City” which found a “shocking” prevalence of sexual harassment and bullying in the financial services industry, the FCA has delayed until June 2025 the finalisation of new rules on non-financial misconduct that are expected to expand the extent to which non-financial misconduct may be relevant to compliance with FCA rules.
For further information, please see our corresponding alert.
DOJ Final Rule on Bulk Transfer of Sensitive U.S. Personal and Government Data to Countries and Persons of Concern Goes Into Effect
On April 8, 2025, the Department of Justice’s final rule implementing Executive Order 14117 (“Final Rule”) went into effect, with the exception of certain due diligence, audit and reporting obligations that will take effect on October 5, 2025. The Final Rule restricts the bulk transfer of sensitive U.S. personal and government data to certain countries and persons of concern.
The Final Rule establishes a national security regulatory regime that either prohibits or restricts “covered data transactions,” which are certain transactions (i.e., data brokerage, employment agreements, investment agreements and vendor agreements) that could result in access to bulk U.S. sensitive personal data or government-related data by (1) a “country of concern” (i.e., China, Cuba, Iran, North Korea, Russia and Venezuela) or (2) a “covered person” (e.g., an entity with 50% or more ownership by a country of concern, an entity organized under the laws of, or with their principal place of business in, a country of concern, or a foreign person that is an employee or contractor of such entity or a primary resident of a country of concern).
Read our previous coverage of the Final Rule.
FCA Backpedals: “Name and Shame” and Diversity and Inclusion Requirements Axed, and Non-financial Misconduct Rules Delayed
The United Kingdom’s Financial Conduct Authority (FCA) has announced significant changes to its regulatory approach, including dropping the obligation to “name and shame” firms under investigation, dropping the proposed “Diversity and Inclusion” (D&I) requirements, and delaying the promised reforms addressing non-financial conduct in financial services.
“Name and Shame” Dismissed
The FCA had proposed to publicly disclose investigations into firms at an early stage to adhere to the “public interest” and increase consumer confidence in their function as the United Kingdom’s public watchdog.
However, following significant criticism from the financial industry and Parliament, largely concerning premature disclosure causing irreversible damage to firms even if they were later cleared of any wrongdoing, the FCA has deserted the idea. However, it should be noted that whilst the FCA decided to abandon its controversial proposal to name the subjects of its investigations, there remains the potential that the FCA will rely on the pre-existing “exceptional circumstances” test when seeking to make its investigations public.
The parameters of what would amount to “exceptional circumstances” remains unclear. This provision should only be used in “limited cases” when the FCA believes there is a serious risk to consumers or market integrity.
The FCA will proceed with the rest of the proposal to publish information concerning investigations in the following circumstances:
Reactively confirm investigations that are officially announced by others, such as market announcements, disclosures made by the firms themselves, or announcements by a partner regulator;
Publicly notify the unlawful activities of unregulated firms and regulated firms operating outside the regulatory perimeter to protect consumers or further the investigation; and
Anonymously Publish issues under investigation using a regular bulletin such as Enforcement Watch.
Despite aiming to balance public accountability with the risk of unfairly harming firms and individuals under investigation, the lack of transparency in the parameters of the “exceptional circumstances” test, especially with the FCA having desired to publicly “name and shame,” causes understandable concern for many within the financial industry.
D&I Dropped
In September 2023, the FCA, alongside the Prudential Regulatory Authority, aimed to improve D&I in the financial services industry by requiring firms to collect and report diversity data and set targets to incorporate and grow their D&I to ensure a more inclusive workplace. These requirements would, according to the FCA at the time of its proposal, improve outcomes for both consumers and the market.
However, in light of the criticism from the industry arguing that the imposition of D&I requirements from a regulator could cause too much of a burden on creating another “tick-box” exercise and that instead it should be a voluntary requirement, this proposal has been retracted by the FCA.
The FCA has dropped the formal D&I requirements and has fallen back to its original position: encouraging financial institutions to improve diversity on the terms they see fit on a voluntary basis.
Delays in Non-financial Misconduct Policies
Having scrapped both plans to address transparency through the “name and shame” proposal as well as having dropped the initiative to implement stronger D&I requirements, the FCA has also decided to delay its work on non-financial misconduct. Non-financial misconduct involves issues such as sexual harassment, bullying, and other workplace misconduct in the financial services industry.
This comes in response to an inquiry launched by the Treasury Select Committee named “Sexism in the City,” which found a “shocking” prevalence of sexual harassment and bullying in the financial services industry. In the three years covered by the survey, bullying and harassment made up 26% of cases, discrimination made up 23%, and 41% was categorized as other, indicating the difficulty in categorizing areas and issues of personal misconduct. Only 43% of cases had disciplinary or “other” actions taken. The committee said both the government and financial regulators have an important role to play in driving this change.
Despite the survey and recent high-profile cases, the FCA has delayed the publishing of new rules on nonfinancial misconduct until June 2025.
Despite this delay, the FCA has reaffirmed that tackling nonfinancial misconduct remains a priority, particularly under the conduct standards found within the Senior Managers and Certification Regime.
What Does This Mean for Financial Firms?
It seems the FCA is attempting to balance the need for transparency and accountability with industry concerns.
In balancing these concerns, the following position is agreed:
Investigations into firms will not be automatically disclosed, unless they fall within the “exceptional circumstances” test.
D&I will remain a voluntary initiative, rather than a regulatory requirement.
Non-financial misconduct rules are coming, however, with delay.
Analysing the Case of Krishna Holdco Ltd v Gowrie Holdings Ltd: Insights into Litigation Privilege Executive Summary
Executive Summary
In a recent judgment, the High Court in Krishna Holdco Ltd v Gowrie Holdings Ltd [2025] EWHC 341 (Ch) has found that litigation privilege did apply to a valuation report prepared for the potential sale of a subsidiary company because that sale was driven by litigation – namely a dispute between two shareholders. The court’s decision underscores the intricacies associated with determining the dominant purpose of a document for the purposes of a claim to litigation privilege, and advocates for an approach which considers the wider context in which a document has been created.
Background
The dispute between Krishna Holdco Limited (Krishna) and Gowrie Holdings Limited (GHL) centers around unfair prejudice proceedings, with Krishna having previously secured a judgment requiring GHL to purchase Krishna’s shares in their jointly owned company, LBNS. The case involves multiple parties, including individual respondents and several corporate entities, with the litigation primarily focusing on the valuation of Krishna’s shares and the associated disclosure of documents.
The conflict goes back to early 2019, when tensions arose between Krishna and GHL over the management and financial stability of LBNS. A critical issue emerged regarding the potential withdrawal of banking facilities by HSBC, allegedly due to Krishna’s refusal to provide certain “Know Your Client” information. In response, GHL considered purchasing LBNS’s trading subsidiaries, GLL and LL, to mitigate the risk posed by the banking issues. This led to the creation of valuation reports concerning GLL and LL by PwC, over which a claim to litigation privilege was subsequently made.[1]
Court Decision
In determining whether the PwC valuation reports were subject to litigation privilege, emphasis was placed on the dominant purpose behind the creation of these documents.
In determining the purpose, the Court considered the context in which the documents were created, including the ongoing litigation and the strategic response to the potential withdrawal of banking facilities. The Court found that the valuation work was not merely a commercial transaction but a subset of a defense strategy in the broader dispute. This approach aligns with recent authority, such as the Director of the Serious Fraud Office v Eurasian Resources Corporation [2017, EWHC 1017 (QB)], where the court emphasized the importance of understanding the factual and commercial context when determining the dominant purpose of document creation.
Accordingly, the court concluded that the reports were produced for privileged purposes, as they were created as part of a broader strategy to address the ongoing dispute between Krishna and GHL.
Implications
In comparison to other recent cases, such as the Eurasian Resources case, the Krishna decision underscores a consistent judicial approach to evaluating the dominant purpose of documents for the purposes of litigation privilege. Both cases illustrate the willingness of the Courts to look beyond the surface of transactions and consider the underlying motivations and strategic considerations behind them.
Accordingly, this decision supports an approach of taking a broader view as to the purpose of a document by taking into account the wider context in which the document was created. As a result, what on the face might appear to be a separate purpose for creating a document may in fact be part of a broader and overall litigation purpose, in which case the “dominant purpose” test for litigation privilege may well be satisfied.
In this respect, the decision also serves as a reminder of the importance of maintaining clear and comprehensive records of the intentions behind document creation, as these records can be pivotal in asserting privilege.
[1] A claim was also made that the reports were subject to “without prejudice” privilege.
President Trump’s Tariffs Announcement and their Impact on Mexico
On April 2, 2025, U.S. President Donald Trump announced his tariff policy for numerous countries. In the case of Mexico, exported products that comply with the USMCA regulations are exempt from tariffs, which are approximately half of Mexico’s exports to the United States.
Products exported from Mexico that do not qualify as originating under USMCA provisions will be subject to a 25% tariff. Previously, these products were subject to a 2.5% tariff rate. The 25% tariff on products not protected under the terms of the USMCA, which account for half of Mexico’s exports to the U.S., and have an estimated value of US$300 billion, was enacted by Trump to press Mexico on preventing fentanyl trafficking and undocumented migration. If Mexico continues working with the U.S. on issues of fentanyl and unauthorized immigration, products not protected by the USMCA will be lowered to a 12% tariff rate. Manufacturers and other producers may address compliance with USMCA regulations, but this will not be simple and in the process, could become less competitive and lose market share.
Mexico had a slightly better outcome as it relates to tariffs in comparison with other countries. President Trump’s announcement could potentially usher in new investment opportunities for Mexico, particularly by international companies involved in the export of manufactured products to the U.S. severely affected by tariffs. Countries such as Taiwan (32% tariff), Vietnam (46% tariff), and South Korea (25% tariff), among others, which export approximately US$380 billion in products to the U.S. could potentially look to relocate manufacturing operations to Mexico to bypass tariffs for exporting to the U.S. under the USMCA rules.
The current trade landscape is highly complex. Multinational companies will need to find ways to remain competitive and keep market share while assessing what their global operations may look like in the future.
Changes on the Horizon for UK Alternative Investment Fund Management Regulation
On 7 April 2025, HM Treasury published a consultation to overhaul the regulation of Alternative Investment Fund Managers (“AIFMs“) in the United Kingdom (“Consultation“). The Financial Conduct Authority (“FCA“) has published a call for input alongside the Consultation (“Call for Input“), which indicates its approach to regulating AIFMs within the framework proposed in the Consultation.
The objective of the Consultation is to explore whether the regulatory framework should be simplified. By removing elements from the legislative framework, the UK Government intends to enable the FCA to establish a more graduated and proportionate approach to regulation of AIFMs.
John Verwey, Partner in Proskauer’s regulatory team, notes the headlines are: “
HM Treasury’s Policy Proposals to Streamline the Framework for AIFMs
The Consultation outlines a number of policy proposals to streamline the regulatory framework:
a. Amending the “full scope” AIFM Threshold:
Currently, the rules applicable to managers of funds with professional investors are largely derived from the Alternative Investment Managers Directive (the “AIFMD”). The rules are dependent on certain assets under management (“AUM”) thresholds with managers of funds above particular thresholds are classified as “full scope UK AIFMs”.
The Consultation suggests eliminating fixed legislative thresholds that currently mandate that those managing assets above €100m – or €500m for funds that are unleveraged and without early redemption rights – adhere to what are known as the full-scope AIFMD requirements.
These fixed thresholds have not been updated since 2013, creating a “cliff-edge” effect where market fluctuations can suddenly trigger a steep increase in regulatory burdens for small registered AIFMs and small authorized AIFMs (the “Small Regimes”). Instead, HM Treasury envisions empowering the FCA to set and adjust thresholds dynamically, based on firm size, activities, and associated risk profiles, thus preventing abrupt increases in compliance costs.
b. Additional Proposals for Refinement:
The Consultation also includes some other areas in which HM Treasury intends to legislate as part of the new regulatory framework for AIFMs:
Revising Definitions and Perimeter IssuesKey definitions underpinning the regulatory perimeter would be transferred to the Regulated Activities Order to provide legal clarity and consistency.
Marketing Notification AdjustmentsThe current requirement for a 20-day FCA notification before marketing AIFs may be eased to reduce delays in launching new products.
Private Equity Notification AdjustmentsThe current requirement to disclose significant holdings in UK non-listed companies and issues to the FCA might be removed or the information may have to be notified elsewhere.
Reviewing External Valuation Liabilities:HM Treasury has recognized concerns that the current approach of imposing direct liability on external valuers discourages market participation. This may be addressed by considering a shift to contractual liability, balancing effective risk management with improved market access.
No Changes to the National Private Placement RegimeIt is important to note that no changes are proposed to the existing National Private Placement Regime, which will continue to govern the marketing of overseas AIFs in the UK.
FCA’s Call for Input
Complementing HM Treasury’s proposals, the FCA has published its own Call for Input, outlining how it intends to implement a revised regulatory regime. A key element of this new approach is the proposal to introduce a three-tiered approach to regulation of AIFMs.
a. Making the rules clearer
The FCA plans to group the AIFM regime into clearer, thematic categories that reflect different business activities and phases of the product cycle, as follows:
Structure and operation of the firm;
Pre-investment phase;
During investment; and
Change-related.
By structuring the rules in this way, the FCA hopes it would be easier to set clear requirements for firms of different sizes. The FCA’s key proposal is that AIFMs will be classified in the following tiers:
Largest Firms (more than 5bn net asset value): These firms will be regulated under a regime similar to the current full-scope AIFMD rules – with some burdensome, prescriptive requirements removed. These firms, which manage a significant share of market assets, will remain under rigorous oversight. However, even for these firms, the FCA may remove some elements of prescriptive detail.
Mid-Sized Firms (between £100m and £5bn net asset value): These firms will be subject to a regulatory regime, covering all the same areas as the current regime, but without many of the prescriptive detailed requirements, to allow for greater flexibility. This tier is designed to give mid-sized managers the freedom to innovate without compromising necessary risk controls.
Small Firms (up to £100m net asset value): These firms will have to comply with core, baseline standards intended to minimize the regulatory burden and support market entry, thus encouraging growth in emerging and niche sectors.
The FCA proposes to calculate the thresholds on the basis of net asset value (assets minus liabilities) of the funds managed by the AIFM as opposed to the current approach to focus on the assets under management.
The FCA also plans to evaluate the adequacy and effectiveness of current AIFMD provisions in addressing risks from leverage in line with the forthcoming Financial Stability Board recommendations.
b. Moving up to a higher category
Firms would no longer be required to apply for a variation of permission when moving between size categories. Instead, they would notify the FCA of their classification, including any decision to opt into a higher category – potentially through a process similar to that used under the Senior Managers and Certification Regime (SM&CR). Firms will have the option, but not the obligation, to comply with the requirements applicable to larger firms (i.e. opting-up to a higher threshold regime).
c. Sector-specific rules
The FCA recognises that different types of alternative funds have distinct operating models and proposes bespoke measures tailored to these differences without compromising on investor protection.
The FCA provides some examples on how it might rewrite the rules in relation to risk management rules so that they apply accordingly and proportionally to different types of firms. By way of example, all firms would be required to document and annually review policies and procedures, but only AIFMs with significant leverage or liquidity mismatch would have to set risk limits.
The FCA is also considering a separate regime for venture capital and growth funds and plans to reform the rules or listed closed-ended investment companies.
d. Other Areas of Review
The Call for Input also highlights other areas for future consultation:
Depositary and Custody Requirements:The FCA acknowledges industry concerns around the cost and inflexibility of depositary requirements, especially for private equity and real assets. The FCA is open to considering more flexible custody models, but no immediate changes are being proposed.
Remuneration: The FCA will also review the operation and effectiveness of the remuneration rules for AIFMs, alongside the code for UCITS management companies and investment firms.
Regulatory Reporting and Prudential Requirements: The FCA aims to review the prudential requirements and how they apply to different-sized firms. The FCA will also review the regulatory reporting rules to achieve a more effective reporting regime that is proportionate in its demands on firms and will consider how to achieve this.
Business Restrictions: The FCA recognises that the current rules appear to create costs and inefficiencies, requiring firms to seek top-up permissions for some activities or create new legal entities once a firm passes the size threshold. The FCA will consider the business restriction when they consider how the conduct and prudential rules will apply to firms in the new regime.
Next Steps
The Consultation and the Call for Input are both open for responses until 9 June 2025. Subject to feedback, and to decisions by HM Treasury on the future regime, the FCA plans to consult on detailed rules in the first half of 2026. The FCA will also provide more details on the timeline for implementation. Broadly, the FCA intends to give firms time to adapt to the new regime, while removing unnecessary rules relatively quickly.
UAE Enforcement Update: The FSRA and the DFSA Issue New AML-Related Fines
The UAE’s two financial free zones, established in the Emirates of Abu Dhabi and Dubai, possess their own civil and commercial legal frameworks, inclusive of court systems modeled closely on international standards and principles of common law and, importantly, autonomous financial services regulation. In the Abu Dhabi Global Market (“ADGM”), which was established by UAE Federal Decree No. (15) of 2013, the financial services regulatory authority is the Financial Services Regulatory Authority (“FSRA”). In the Dubai International Finance Centre (“DIFC”), which was established by UAE Federal Decree No. (35) of 2004, the financial services regulatory authority is the Dubai Financial Services Authority (“DFSA”). The FSRA and the DFSA have been and continue to be absolutely committed to maintaining Anti-Money Laundering (“AML”), Combating the Financing of Terrorism (“CFT”) and Counter Proliferation Financing (“CPF”) regimes that significantly deter any criminal elements, including money launderers and persons wishing to support, in any way, acts of terrorism and the proliferation of weapons of mass destruction. That commitment includes the rigorous supervision and enforcement of “Rulebooks”, which contain all the regulatory requirements applicable in the respective jurisdictions broken out into “Modules”, such as a “Recognition” Module, a “Conduct of Business” Module, an AML/CFT/CPF-related Module, and more. And in the latest example of their willingness and readiness to take enforcement actions against firms or individuals that violate those Rulebooks, the FSRA and the DFSA recently have imposed substantial fines on financial services businesses in the ADGM and the DIFC for AML/CFT/CPF- and reporting-related noncompliance. We examine those two enforcement actions in this article.
The FSRA’s Enforcement Action
In December 2024, the FSRA announced a financial settlement of USD 504,000 (AED 1.85 million) with a multi-asset brokerage firm operating in the ADGM (“the ADGM firm”). The settlement was reached after an investigation found that the ADGM firm had violated key AML provisions in the relevant Module of the FSRA Rulebook, particularly with regard to its failure to implement adequate measures to detect and report suspicious transactions over a period of nearly six years. Specifically, the ADGM firm failed to establish and maintain an effective AML framework—comprising policies, procedures, systems and controls—causing deficiencies related to customer due diligence, customer risk assessment, recordkeeping, and transaction monitoring. For further details, the FSRA’s Final Notice can be viewed here.
The DFSA’s Enforcement Action
Then in January 2025, the DFSA announced a provisional fine of USD 25,000 (AED 91,813) on a trading and investment business operating in the DIFC (“the DIFC trader”). The fine was issued following the DIFC trader’s failure to report certain suspicious transactions in violation of DFSA rules. Specifically, the DIFC trader neglected to report a series of alleged “wash trades,” which are fictitious transactions that create the false impression of genuine market activity but which involve no actual market risk as the same ultimate beneficial owner is both the seller and the buyer. Wash trades are widely recognized as illegal market manipulation as they generate misleading trading volumes, misrepresent demand, and artificially inflate asset prices. The fine is considered provisional as the DIFC trader has lodged an appeal. For further details, the DFSA’s Decision Notice can be viewed here.
Additional Considerations
Firstly, it should be noted that, while the DIFC trader allegedly failed to report market abuse that did occur, in the sense that the wash trades in question resulted in a 27% temporary spike in share price, the FSRA’s investigation into the ADGM firm identified no instances of actual money laundering. In other words, the USD 504,000 settlement amount did not relate to a sum of dirty money actually having been laundered by or via the ADGM firm. Rather, the ADGM firm was fined for deficiencies in its AML-related policies, procedures, systems and controls that could, in the future, lead to dirty money being laundered. Therefore, the FSRA action underscores the importance of devising, deploying and maintaining a robust compliance framework that provides for effective AML/CFT/CPF prevention, detection and reporting, particularly when operating in or from one of the UAE’s financial free zones given that the FSRA and the DFSA continue to exhibit zero-tolerance for violations and voracious appetites for enforcement.
Secondly, while the ADGM firm agreed not to dispute the FSRA’s findings and to settle at the earliest opportunity, the DIFC trader chose instead to contest the DFSA’s findings and to appeal the resultant financial penalty. The ADGM firm earned a discretionary discount of 20% off the financial penalty that would otherwise have been imposed on account of its election to settle the matter, and a further discount of 10% for cooperating with the FSRA’s investigation and for commencing remedial actions promptly. Should the DIFC trader’s appeal prove unsuccessful, then we expect it will qualify for no such discounts. In conclusion, the FSRA and the DFSA, just like many other regulators worldwide, view unfettered cooperation and meaningful remediation as fundamental prerequisites for mitigation credit.