Press Coverage
After Texas Ruling, States Seek to Fill Reproductive Health Data Privacy Gaps
December 15, 2025
The Securities and Exchange Commission (SEC) is actively evaluating whether to transition from the current quarterly reporting regime for domestic public companies to a semiannual reporting framework. Although no formal proposal or timeline has been released, recent public statements by President Donald Trump and SEC Chair Paul Atkins indicate strong support for such a shift. However, significant hurdles and practical considerations remain before any such implementation can take effect.
Key Takeaways
- The SEC is considering a shift from quarterly to semiannual reporting for public companies.
- No formal proposal has been issued, but recent statements suggest movement toward this change.
- Implementation would require significant regulatory updates and substantial market buy-in, which could take years.
- Companies should monitor developments and assess potential impacts on compliance and reporting practices.
Background
Semiannual reporting is not new to the U.S. capital markets, and this is not the first time the SEC has considered a change in reporting frequency. Before 1970, the U.S. was on a semiannual reporting schedule. The SEC adopted the Quarterly Report on Form 10-Q in 1970, after years of semiannual Form 9-K practice in the 1950s and 1960s, moving the U.S. from semiannual to quarterly periodic disclosure. Between 2018 and 2019, during President Trump’s first term, the SEC actively considered semiannual reporting after support for the change was also voiced by the president. The SEC initially requested data in a request for comment (RFC) at the end of 2018 covering: (i) overlaps between 10-Qs and earnings releases; (ii) whether earnings releases and Current Reports on Form 8-Ks could satisfy core 10-Q requirements; and (iii) whether rules should allow flexibility in frequency (issuer-wide or by class). Commentators were largely split between companies and their industry groups pushing for less frequent reporting against some investors (including banks, fund managers, etc.) pushing to maintain quarterly reporting. However, the SEC dropped the potential policy change by delaying the issuance of any official rulemaking proposal during the final year of President Trump’s first term. In 2021, however, shortly after President Joseph Biden took office and appointed then-SEC Chair Gary Gensler, the SEC officially withdrew the proposal from consideration and further development.
What’s New in September 2025 and Why This Time May Be Different
On September 15, 2025, President Trump called on the SEC to consider a regulatory shift to semiannual reporting over quarterly reporting by domestic public companies. President Trump’s support for less frequent reporting stems from two areas of concern: (i) reducing “short-termism concerns,” where investors and companies only focus on short-term improvements rather than long-term growth, and (ii) reducing compliance and reporting burdens for public companies to incentivize more companies to go — and stay — public. Shifting to semiannual reporting would also align the U.S. capital markets reporting scheme with other international reporting schemes (including Australia, the UK, and Europe) which already maintain a semiannual reporting frequency.
Atkins has also publicly signaled support for the reporting change. He briefly addressed the concept of semiannual reporting during an open SEC meeting on September 17, which was held to vote on mandatory arbitration clauses in initial public offerings (IPOs). Atkins described these measures as “among the first steps of my goal” to reinvigorate IPO activity. He has repeatedly stated that one of his main policy goals as SEC chair is to make becoming a public company more attractive by eliminating compliance requirements that do not provide meaningful investor protections, minimizing regulatory uncertainty, and reducing legal complexities in the SEC’s rules.
On September 30, the SEC received a formal petition from the Long-Term Stock Exchange, a San Francisco-based securities exchange, to permit public companies to report on a semiannual basis, although the SEC has yet to comment.
Proponents argue that semiannual reporting would reduce costs and duplicative efforts, while freeing management’s attention for strategic moves that may negatively impact a company’s earnings in the short term but result in better long-term outcomes. A shift to semiannual reporting would also ensure the U.S. is consistent with international markets and result in parity with foreign private issuers (public companies which are domiciled outside the U.S. but are required to, or voluntarily, report with the SEC), as many such international issuers operate without mandated quarterly filings.
Opponents raise concerns that transparency and market efficiency will suffer, as bad news may be delayed, volatility may increase, and analyst coverage could diminish. Such a change could also lead to detrimental impacts for insiders and controlling shareholders, as quarterly filings help manage the release of material nonpublic information and available trading windows, allowing potentially larger windows of time in which such insiders may freely trade in company securities. Less frequent mandated public reporting can complicate trading compliance unless companies supplement with robust current reports or make voluntary updates. Empirically, critics of semiannual reporting argue, a reporting change would not cure short-termism, as companies may still face quarterly expectations from markets, institutional investors, and creditors even without a legal mandate.
There May Be Considerable Regulatory Changes to Implement Semiannual Reporting
Rules 13a-13 and 15d-13 under the Securities Exchange Act of 1934, along with Form 10-Q instructions, establish quarterly periodic reports and their requirements. A move to semiannual reporting would require amending those rules and forms with coordinated updates to Regulation S-K, Regulation S-X interim presentations, review expectations by auditors (and the rules of the Public Company Accounting Oversight Board (PCAOB)), Financial Accounting Standards Board (FASB) and securities exchange rules (such as the New York Stock Exchange and Nasdaq). As a result, even if the SEC implements a rule change, a rolling implementation process would be necessary before the capital markets are fully aligned on semiannual reporting. This process could take several months if not years.
There may be some clues to the SEC’s potential course of action from the 2018 RFC. The SEC provided several potential options for shifting to a semiannual reporting scheme, while understanding and maintaining the market’s expectations for quarterly information. The SEC, at least in 2018, did not expect a hard or immediate shift to semiannual reporting but rather carveouts and/or exceptions to support the market’s expectations. Instead, the SEC asked for public opinions on options related to:
- Using the earnings release as the “core” of the Form 10-Q, trimming duplicative items and various guidance to better streamline quarterly reporting. Under this regime, there would still be quarterly reporting, but at a far lesser extent than what is currently required in Form 10-Q.
- Issuer- or class-based flexibility (e.g., by size or reporting status), where the SEC would preserve quarterly reporting for some issuers but allow semiannual for others. This could align with the trend and current regulations carving out or altering reporting requirements for smaller reporting companies and emerging growth companies.
- Elimination of quarterly reporting entirely and broadening the scope of Current Reports on Form 8-K to serve as the safety net for material, between-period events, and consider coordination with FASB and PCAOB if interim review/reporting standards change.
Another potential option briefly discussed by Atkins was to allow issuers the choice to provide quarterly reports and remove the mandated reporting requirements for the first and third quarters.
Practical Implications
From a practical perspective, reporting companies would need to consider the impact of the following if semiannual reporting is implemented:
- Insider trading and other transactions in company securities (including certain M&A or capital-raising activity) may be delayed or prohibited if there are longer periods of time in which insiders or companies possess material nonpublic information that will not be disclosed until the semiannual report.
- Staleness dates for financials/comfort letters, incorporation-by-reference timing, and shelf takedown readiness may need recalibration if interim financials are less frequent.
- Many credit agreements with lenders include covenants for quarterly reporting, which could greatly impact a company’s ability to shift to semiannual reporting. Companies seeking new debt arrangements may also be restricted in moving away from quarterly reports if creditors or debt investors still expect and demand quarterly reports.
- Issuers that move to semiannual reporting while their peers stay quarterly, if such an option is provided, could see relative information deficits that affect analyst coverage and liquidity resulting in market practices converging on voluntary quarterly reporting. As quarterly reporting in the U.S. has been the standard since 1970, over five decades of reliance and expectations on quarterly reports may make the actual shift to semiannual reporting less likely in practice even with a rule change.
- Sarbanes-Oxley (SOX) certifications and PCAOB interim reviews would need to be mapped to the new cadence, and internal controls would need to support timely event-driven Form 8-Ks and Regulation FD disclosures. This would require internal shifts to ensure SOX certifications can be properly made and controls maintained.
Where Things Stand Today; Looking Ahead
No proposed rule or new RFC has been published yet, but the SEC’s recent regulatory agenda suggests active consideration of disclosure reforms. Recent Supreme Court decisions have heightened scrutiny of administrative rulemaking, so any substantial change will likely involve extensive public comment and participation and could take more than a year to finalize. The effective date of any new rule could be months or years after adoption, depending on implementation details.
Faster office actions, improved prior art searches and a more consistent application of the law — these will be hallmarks of the future of patent examination at the U.S. Patent and Trademark Office, due to increased use of artificial intelligence.
While currently aimed at augmenting the tools available to patent examiners, the USPTO is developing more advanced AI systems to help examiners deal with the growth in patent filings and the complexity of modern inventions.
In recent years, the USPTO has introduced several tools to aid with classification and prior art searching. Specifically, the USPTO’s Search AI tool includes “Similarity Search,” which enables examiners to locate documents similar to a patent application by leveraging AI algorithms to sift through millions of domestic and foreign patents and publications.
Recently, the USPTO also introduced DesignVision, an image-based search tool that allows patent examiners to search for visually similar designs across more than 80 global databases using image inputs, which improves the identification of relevant prior art for design patents.
The USPTO is also developing SCOUT, a generative AI platform designed to assist examiners with analytical and drafting tasks, including reviewing incoming documents, suggesting corrections and navigating the Manual of Patent Examining Procedure.
As a result, the USPTO is setting the stage for significant changes in how patent prosecution unfolds. Applicants and patent practitioners should consider new and evolving strategies to overcome AI-enhanced patent examination, particularly by taking a proactive approach when drafting new applications.
This article extrapolates the impacts of AI on patent examination processes across several critical categories. Applicants and patent practitioners should pay close attention, as these developments may significantly change prosecution strategy in the future.
Read the full article on Law360.
Make sure to visit Troutman Pepper Locke’s Regulatory Oversight blog to receive the most up-to-date information on regulatory actions and subscribe to our mailing list to receive a monthly digest.
Regulatory Oversight will provide in-depth analysis into regulatory actions by various state and federal authorities, including state attorneys general and other state administrative agencies, the Consumer Financial Protection Bureau (CFPB) and the Federal Trade Commission (FTC). Contributors to the blog will include attorneys with multiple specialties, including regulatory enforcement, litigation, and compliance.
In This Issue:
Troutman Pepper Locke Spotlight
Compliance and Enforcement in Consumer Financial Services: Navigating the Changing Landscape of Federal and State Oversight
By Troutman Pepper Locke State Attorneys General Team
Register Here
Wednesday, October 29 | 1:00 – 3:10 p.m. ET
Mike Yaghi and Lane Page, members of Troutman Pepper Locke’s State Attorneys General practice, along with Stefanie Jackman, Chris Willis, and Caleb Rosenberg from the Consumer Financial Services practice, will participate in an upcoming CLE webinar with myLawCLE. They will analyze the evolving roles and enforcement priorities of federal and state regulatory agencies, focusing on their impact on consumer financial services.
Representing One to Help Millions
By Timothy McHugh
Tim McHugh, a partner in Troutman Pepper Locke’s Richmond, VA office, was featured and quoted in the article “Representing One to Help Millions,” the cover story of the October 2025 issue of Virginia Lawyer magazine. The article highlights Tim’s pro bono work alongside David J. DePippo, managing counsel at Dominion Energy. Both men recently received the Military and Veterans Law Pro Bono Award from the Virginia State Bar Military and Veterans Law Section after successfully arguing before the United States Supreme Court in the case of Rudisill v. McDonough.
Regulatory Oversight Podcast Updates
New York’s FAIR Act: A Game-Changer for Regulatory Enforcement and Litigation
By Stephen C. Piepgrass, Joseph DeFazio, William D. Foley, Jr., Chris Willis, and Michael Yaghi
In this crossover episode of The Consumer Finance Podcast and Regulatory Oversight, Chris Willis is joined by Joseph DeFazio, Bill Foley, and Michael Yaghi to discuss the implications of New York’s FAIR Act, a significant amendment to the state’s UDAAP statute.
State AGs’ Continued Focus on Enforcement – With or Without AI Legislation
By Stephen C. Piepgrass, Brett Mason, Chris Carlson, and Gene Fishel
In this crossover episode of The Good Bot and Regulatory Oversight, Brett Mason, Gene Fishel, and Chris Carlson discuss the latest state laws targeting AI, especially in health care.
Solicitors General Insights: The Art of Oral Advocacy With Michigan and New Jersey
By Stephen C. Piepgrass and Jeff Johnson
In this episode of our special Regulatory Oversight: Solicitors General Insights series, RISE Counsel Jeff Johnson, a former deputy solicitor general in the Missouri Attorney General’s office, welcomes Michigan Solicitor General Ann Sherman and New Jersey Solicitor General Jeremy Feigenbaum. They explore the art of oral advocacy, sharing insights into how they effectively present cases.
Government Contracts Updates
Government Contractors and the Fall 2025 Government Shutdown: Risk Management and Best Practices
By Michael Barnicle, Hilary Cairnie, Peter Jeydel, Bonnie Gill, Trey Smith, and Bryan Williamson
Shutdown, again. This advisory helps contractors manage operations during this period.
What to Expect When the New CMMC Final Rule Hits Defense Acquisitions on November 10
By Michael Barnicle, Hilary Cairnie, Peter Jeydel, Bonnie Gill, Trey Smith, and Bryan Williamson
On September 10, the U.S. Department of Defense (DOD) posted its final rule implementing the Cybersecurity Maturity Model Certification (CMMC) program for defense acquisitions. This new rule (acquisition rule) updates the Defense Federal Acquisition Regulation Supplement (DFARS) and imposes new cybersecurity requirements on defense contractors who handle (store, process, or transmit) sensitive information during contract performance.
FTC Updates
Amazon Settles FTC Lawsuit, Highlighting Regulatory Scrutiny of Subscription Practices
By Clayton Friedman, Namrata Kang, and Zoe Schloss
On September 25, 2025, Amazon agreed to pay $2.5 billion to settle claims brought by the Federal Trade Commission (FTC) alleging that the company misled consumers into signing up for Prime memberships and made it difficult for them to cancel.
FTC and Utah Settle UDAP Claims Against Online Adult Content Provider
By Troutman Pepper Locke State Attorneys General Team and Dascher Pasco
The Federal Trade Commission (FTC) and the Utah Department of Commerce’s Division of Consumer Protection (Division), represented by the Office of the Utah Attorney General (AG), recently announced a proposed consent order with Aylo, the company that owns and operates pornography websites, including Pornhub.com and Redtube.com.
False Claims Act Updates
What’s Next in False Claims Act Enforcement
By Michael S. Lowe, Amy Pritchard Williams, Callan G. Stein, and Ayana Brown
Over time, plaintiffs of all types have sought to harness the power of the False Claims Act (FCA)’s qui tam provision by bringing civil lawsuits even where government prosecutors have declined to pursue the case. And although the wartime conditions that initially prompted the passage of the FCA are now long gone, plaintiffs continue to take full advantage of the FCA’s qui tam provision.
Gaming Updates
Massachusetts AG Sues Kalshi, Highlighting Unresolved Questions About Predictive Market Contracts
By Troutman Pepper Locke State Attorneys General Team
Massachusetts Attorney General (AG) Andrea Joy Campbell recently filed a lawsuit in Suffolk Superior Court against KalshiEX LLC (Kalshi), an online prediction market platform, alleging that the platform runs an illegal sports wagering operation without an appropriate license in Massachusetts.
Privacy Updates
California Privacy Protection Agency Announces Multistate Sweep Targeting GPC Compliance
By Troutman Pepper Locke State Attorneys General Team, David Stauss, and Angelo A. Stio III
On September 9, the California Privacy Protection Agency (CPPA) announced that it has initiated a joint regulatory sweep in collaboration with attorneys general (AG) from California, Colorado, and Connecticut.
Artificial Intelligence Updates
What Businesses Need to Know: Colorado’s First-in-the-Nation AI Act Diverges From Federal Approach to Disparate Impact
By Troutman Pepper Locke State Attorneys General Team
Colorado lawmakers held a special session that culminated in a decision to delay the implementation of the Colorado Artificial Intelligence Act (CAIA) until June 30, 2026, extending the timeline beyond its original February 2026 start date.
Marketing + Advertisement Updates
New York’s “Stop Hiding Hate” Act: What It Means for Social Media Companies
By Troutman Pepper Locke State Attorneys General Team
On October 2, New York Attorney General (AG) Letitia James announced that, in accordance with the “Stop Hiding Hate” Act, social media companies are now required to report their content moderation policies to her office, with first reports due no later than January 1, 2026.
Illinois AG Settles Alleged Deceptive Practices, Banning Alternative Retail Electric Supplier From State and Securing $8.4M in Restitution
By Troutman Pepper Locke State Attorneys General Team
On September 5, Illinois Attorney General (AG) Kwame Raoul announced the resolution of ongoing litigation against Clearview Electric Inc., an alternative retail electric supplier accused of engaging in fraudulent, unfair, and deceptive business practices.
Tobacco and Nicotine Updates
California Finalizes Unflavored Tobacco List Regulations
By Bryan Haynes and Zie Alere
In August, the California Department of Justice (DOJ) finalized regulations to implement California’s unflavored tobacco list (UTL) law, enacted in 2024. The new regulations include detailed filing requirements for manufacturers and importers to have their tobacco products legally sold in California.
Feds Seize Illegal E-Cigarettes Worth Millions
By Bryan Haynes, Agustin Rodriguez, and Nick Ramos
The U.S. Food and Drug Administration and U.S. Customs and Border Protection have once again seized unauthorized e-cigarettes in Chicago, but this time the estimated retail value was $86.5 million — the largest seizure of its kind.
Drawback Claims Are Increasingly a Boon for Cigarette Importers
By Bryan Haynes, Agustin Rodriguez, and Michael Jordan
Importers of smoking tobacco products, particularly cigarettes, are increasingly saving millions in federal excise taxes by employing a refund mechanism known as the “drawback.”
Cannabis Updates
Balancing Innovation and Compliance: How Technology Is Transforming the Cannabis Industry
By Cole White
The cannabis industry is evolving rapidly, and technology is at the center of this transformation. State-licensed operators are deploying automation tools, robotics, and artificial intelligence (AI) to improve efficiency, reduce costs, and strengthen compliance. However, innovation in this space comes with unusual challenges. Cannabis remains federally illegal, which restricts financial services, complicates interstate commerce, and subjects businesses to a patchwork of state-specific rules.
Stephanie Kozol, Senior Government Relations Manager – State Attorneys General, also contributed to this newsletter.
Our Cannabis Practice provides advice on issues related to applicable federal and state law. Marijuana remains an illegal controlled substance under federal law.
This article was republished on November 1, 2025 in The Licensing Journal.
The digital asset landscape took a leap forward this summer when the U.S. Court of Appeals for the Ninth Circuit confirmed[1] that nonfungible tokens (NFTs) qualify for trademark protection under the Lanham Act.[2] This decision, centered on the Bored Ape Yacht Club’s collection of 10,000 distinctive digital ape NFTs, signals a new era for both intellectual property and secured lending.
For lenders, the ruling delivers crucial guidance: NFTs — whose market values range from a few dollars to tens of thousands — now qualify as trademark assets that may be used as collateral, provided they meet certain criteria. As NFTs continue to gain traction across industries, understanding how to secure interests in these digital assets is essential for anyone involved in lending and finance.
Practical Guidance for Secured Lenders
- Lenders may treat NFTs as trademark assets if the NFTs function as source identifiers.
- The process for creating and perfecting security interests in NFT trademarks mirrors that for traditional trademarks: a security agreement, a UCC-1 filing, and an optional filing with the U.S. Patent and Trademark Office (USPTO).
- Lenders should conduct due diligence to confirm the NFT’s trademark status and market value.
Case Summary
NFTs are digital assets that consist of a unique authenticating software code and a perceptible component, such as a digital artwork. The software code gives the perceptible component a unique signature, creating scarcity and value. An NFT may also identify brands and services. This duality allows NFTs to hold multiple sources of value, as art and advertisement.
Yuga Labs, the creator of the Bored Ape Yacht Club (BAYC) NFT collection, sold digital ape portraits that granted buyers exclusive access to online and offline events. Ryder Ripps, an artist, created a separate NFT collection by copying the Bored Ape images and branding in an act of artistic defiance.
Yuga Labs sued Ripps for trademark infringement, arguing that Ripps’ NFTs used BAYC’s marks and images in a way that may confuse consumers. Ripps countered that NFTs are not “goods” under the Lanham Act and therefore cannot be protected by trademark law.
The court rejected Ripps’ argument, holding that NFTs are commercial products and function as source-identifying goods under the Lanham Act. The court found that trademark protection extended to digital assets like NFTs, and that the use of BAYC marks in Ripps’ project was not protected by fair use or the First Amendment. The appeals court later ruled that Yuga Labs must provide more evidence of consumer confusion to prevail on its infringement claim, sending the case back for further proceedings.
Taking Security Over NFTs as Trademarks
The creation and perfection of security interests in NFTs under the Lanham Act is similar to the process for traditional trademarks. Before securing an interest in any NFT, the lender should determine that the NFTs function as trademarks. The court in Yuga Labs v. Ripps held that NFTs function as trademarks when used to identify the source of digital goods or services.
1. Creation of a Security Interest
The creation of the security interest is governed by state law, specifically Article 9 of the Uniform Commercial Code (UCC), which treats trademarks as “general intangibles” for the purposes of secured transactions. Lenders may take a security interest in NFTs (as trademark assets) by entering into a security agreement with the debtor. The debtor must execute the agreement to create a valid security interest under UCC §9-203.
UCC §9-108 requires that the security agreement contain a description that reasonably identifies the trademark being secured. In the case of NFTs, a description of the perceptible component and, if registered with the USPTO, the registration number will sufficiently identify an NFT. Lenders may want to include the registration date, application number, and the underlying software code. For an unregistered NFT, it is important to provide a thorough description including a copy of the perceptible component, the source code and any other identifying features.
2. Perfection of a Security Interest
The Lanham Act provides a system for recording trademark assignments with the USPTO, which gives constructive notice to subsequent purchasers. The Lanham Act, however, does not preempt state law regarding perfection of security interests, which is governed by Article 9 of the UCC.
To perfect a security interest in an NFT, the secured party must file a UCC-1 financing statement with the secretary of state in the jurisdiction where the debtor is located. Courts have consistently held that filing with the USPTO is not required to perfect a security interest in a trademark; the UCC filing is sufficient for priority over other creditors.[3]
While not legally required for perfection, best practice is to also record the security interest in the NFT with the USPTO. This will provide additional notice to third parties and purchasers, especially in due diligence scenarios. This “belt and suspenders” approach does not substitute for the UCC filing.
Conclusion
While NFTs, cryptocurrencies, and other digital assets continue to generate debate, their status as valuable assets is well established. In light of recent judicial decisions, secured lenders should evaluate the benefits of taking security interests in a borrower’s NFTs, particularly when those NFTs function as trademarks. This approach may enhance the lender’s collateral position and provide additional protection in secured transactions.
[1] Yuga Labs, Inc. v. Ripps, 144 F.4th 1137 (9th Cir. 2025).
[2] 15 U.S.C. § 1060.
[3] See In re Roman Cleanser, 43 Bankr. 940, 225 U.S.P.Q. 140 (Bankr. E.D. Mich. 1984).
On September 30, 2025, the Office of the Chief Counsel of the Securities and Exchange Commission’s (SEC) Division of Investment Management (the Division) issued a no-action response (the No-Action Letter) stating that it would not recommend enforcement against registered investment advisers (RIAs) or certain regulated funds (i.e., registered investment companies and business development companies) for maintaining crypto assets and related cash and cash equivalents with certain state-chartered financial institutions (state trust companies) so long as particular conditions are met.[1] In doing so, the No-Action Letter permits regulated funds and RIAs to treat state trust companies as “banks” for purposes of the custody requirements of Investment Company Act of 1940, as amended (the 1940 Act), the Investment Advisers Act of 1940, as amended (the Advisers Act) and the rules thereunder.
Custody Requirements Under the 1940 Act and Advisers Act
The custody requirements established by the 1940 Act and Advisers Act are designed to prevent the theft, loss, and misappropriation of investor assets. Sections 17(f) and 26(a) of the 1940 Act require registered funds to place and maintain securities and similar investments with certain qualified custodians. Similarly, RIAs who have custody of their client’s funds and securities must maintain such items with a “qualified custodian” pursuant to Rule 206(4)-2 of the Advisers Act. Qualified custodians include entities that meet the definition of “bank” under §2(a)(5) of the 1940 Act or §202(a)(2) of the Advisers Act.
Typically, national and state-chartered banks qualify as a custodian for registered funds and RIAs by meeting the definition of a bank under the 1940 Act and the Advisers Act. State trust companies, however, are legal entities organized under state law that are: (i) supervised and examined by a state authority having supervision over banks and (ii) permitted to exercise fiduciary powers under applicable state law.[2] For a state trust company to meet the definition of “bank” under the 1940 Act and Adviser Acts, it must also satisfy the requirement that “a substantial portion of the business of which consists of receiving deposits or exercising fiduciary powers similar to those permitted to national banks under the authority of the Comptroller of the Currency.” The interpretation of this portion of the definition was the subject of the No-Action Letter.
State Trust Companies as “Banks”
The No-Action Letter permits regulated funds and RIAs to maintain crypto assets (and cash and/or cash equivalents reasonably necessary to effect transactions in crypto assets) with state trust companies, if the following conditions are met:
- Authorization and Policies: The RIA and/or regulated fund must verify that the state trust company is authorized by the relevant State Banking Authority to provide custody services for crypto assets and has policies to safeguard these assets, focusing on private key management and cybersecurity.
- Financial and Control Reports: The RIA and/or regulated fund must review the state trust company’s latest audited financial statements and internal control reports to ensure controls are effective and meet custodial service objectives.
- Custodial Services Agreement: A written agreement must be in place, ensuring that the state trust company cannot lend or pledge the crypto assets without prior consent and that these assets are segregated from the company’s own assets.
- Risk Disclosure: The RIA and/or regulated fund must disclose any material risk of using state trust companies as custodians to their clients or board members.
- Best Interest Determination: The RIA and/or regulated fund must determine that using the state trust company’s custody services is in the best interest of their clients or shareholders, as applicable.
In an atypical response to staff no-action letters, two SEC commissioners commented on the issuance of the No Action Letter — one voicing support, and one expressing a more cautionary view.[3]
Conclusion
The Division’s No-Action Letter marks the latest development in the regulatory landscape for crypto asset custody, allowing crypto assets to be placed and maintained at state trust companies, potentially broadening the universe of eligible providers for custody services. Maintaining crypto asset requires a complex web of technology and operational systems to protect digital assets from misappropriation, making it particularly challenging for compliance. As the RIA and fund industries navigate these complexities, participants remain hopeful that the SEC will provide further guidance on crypto asset custody issues, as evidenced by recent comment letters to the SEC’s Crypto Task Force.[4] Stay up to date with the latest on crypto asset regulatory and market developments by subscribing to our Financial Services Blog, our Consumer Financial Services Law Monitor, and to our podcast, The Crypto Exchange, via Apple podcast, Google Play, Stitcher, or your preferred platform.
[1] Simpson Thacher & Bartlett LLP, SEC No-Action Letter, Sept. 30, 2025, available here.
[2] Id.
[3] Commissioner Hester M. Pierce, Statement on “Out of the Gray Zone: Statement on The Division of Investment Management’s No-Action Letter Relating to the Custody of Crypto Assets with State Trust Companies” U.S. Sec. & Exch. Comm’n (Sept. 30, 2025) available here; Commissioner Caroline A. Crenshaw, Statement on “Poking Holes: Statement in Response to No-Action Relief for State Trust Companies Acting as Crypto Asset Custodians” U.S. Sec. & Exch. Comm’n (Sept. 30, 2025) available here.
[4] For example, see the SEC comment letter submitted by National Society of Compliance Professionals on September 8, 2025, which underscores the need for additional guidance on crypto asset custody, available here.
Mike Matthews also contributed to this article. He is not licensed to practice law in any jurisdiction; bar admission pending.
I recently read an Inc. article by David Finkel, “Stop Rewarding Urgency and Build a Culture That Prioritizes Value Instead” about how organizations can get trapped in “urgency culture” – where speed becomes the metric of success, rather than the quality or impact of what is being done. Given what is at stake in our typical workday, urgency is sometimes a necessity. That said, if the quick response lacks strategic thinking, precision, or insight, aren’t we doing ourselves a disservice?
Read the full article in TMA Chicago/Midwest Quarterly News.
Our team published new content and podcasts to the Consumer Financial Services Law Monitor throughout the month of September. To catch up on posts and podcasts you may have missed, click on the links below:
Auto Finance
Oregon Enacts New Auto Loan Fairness and Transparency Law
Banking
Consumer Finance Litigation
August 2025 Consumer Litigation Filings: Everything Down for Month
Cryptocurrency + FinTech
Treasury Invites Public Input on GENIUS Act Implementation
Privacy and Cybersecurity
Shining the Light on a Recent Wave of Potential Privacy Claims
Mortgage Lending
The Homebuyers Privacy Protection Act Becomes Law
Regulatory Enforcement + Compliance
California Expands Vaccine Coverage Requirements
Louisiana Becomes Latest State to Pass EWA Legislation
Telephone Consumer Protection Act
Washington State Appellate Court Holds Unsolicited Recruitment Texts Violate CEMA
FCC’s Final Rule on Consent Kills One-to-One Consent Requirement
Podcasts
The Crypto Exchange Podcast – Navigating the GENIUS Maze: Sanctions and AML Adventures in Crypto
The Crypto Exchange Podcast – Ensuring Stability: The GENIUS Act’s Impact on Stablecoin Insolvency
The Crypto Exchange Podcast – Decoding Crypto Legislation: GENIUS Moves and Clarity Paths
Moving the Metal: The Auto Finance Podcast – Driving New Standards With California’s CARS Rule
Payments Pros Podcast – The 1033 Shake-Up: CFPB’s New Rulemaking Adventure
Payments Pros Podcast – Wage Wonders: Unraveling Payroll Mysteries With Nacha and State Insights
Payments Pros Podcast – Paddle’s Payment Predicament: Unpacking FTC’s Compliance Crackdown
Newsletters
Weekly Consumer Financial Newsletter – Week of September 29, 2025
Weekly Consumer Financial Newsletter – Week of September 22, 2025
Weekly Consumer Financial Newsletter – Week of September 15, 2025
Weekly Consumer Financial Newsletter – Week of September 8, 2025
Weekly Consumer Financial Newsletter – Week of September 1, 2025
This article was republished in the December 2025 issue of Insights: The Corporate & Securities Law Advisor.
Startup financing is a dynamic process, and down rounds have emerged as a critical mechanism for companies navigating challenging economic climates. These down rounds are characterized by a reduction in company valuation and often require complex financial strategies to secure necessary capital. One of the keys to a successful down round is balancing the interests of multiple parties, each with potentially conflicting goals and needs. This article focuses on common features of down rounds and examines common terms that define these financings. By understanding the nuances of down rounds, company leadership can better prepare for the potential impacts on structures and investor relations, ensure informed decision-making, and balance the needs of their existing and prospective investors.
Pay-to-Play or Pull-Up Transactions
Pay-to-play terms are a hallmark of down rounds, and involve scenarios wherein the existing investors, pursuant to the terms of the existing governance documents, are contractually obligated to participate in the new offering or they are penalized, generally by having their preferred shares (or a portion thereof) converted into common shares or a lower class or series of preferred shares. Pull-up transactions, on the other hand, involve scenarios where existing investors are not subject to binding provisions under the existing governance documents that require continued participation in new financing. A pull-up transaction typically involves two steps, wherein existing investors first have their preferred shares converted into common shares, and then are given the opportunity to participate in the offering in order to reconvert their equity into the new preferred shares.
Both transactions have a powerful impact on the existing investors of the company, as existing investors are motivated to invest or they lose the benefits of their preferred status. This also has the potential to attract prospective investors, as the preference stack is largely reset, and new investors would be guaranteed to receive the highest level of preferential terms compared to existing investors. Pay-to-play provisions are also regularly used in financings which include milestone or multiple-tranche closings. When investors have committed to invest further funding when the company achieves certain milestones, pay-to-play provisions will function as a deterrent for investors who may fail to satisfy their commitment.
The downside of pay-to-play provisions is that they will almost inevitably cause friction with existing investors, and therefore these types of provisions need to be reviewed carefully. To encourage participation and mitigate damaging relationships with existing investors, companies should endeavor to be transparent and clearly communicate the financial position of the company, the necessity of the down round, and the board’s belief that it is the best (or, at times, only) path forward for the company.
Cramdowns
If the pull-up transaction is the carrot, compulsory conversion is the stick. Compulsory conversion of equity, also known as a cramdown, involves the mandatory conversion of preferred shares of existing investors who fail to participate in the down round into a lower class of preferred or common shares at a 1-to-1 or worse ratio, dissipating the liquidation preferences and rights of existing investors.
One of the primary advantages of compulsory conversion during a down round is the simplification of the company’s capital structure. By converting convertible securities such as notes or SAFEs into equity, the company can eliminate complex financial instruments that may complicate future fundraising efforts or acquisitions. By eliminating certain groups of preferred stock, the company’s capital structure can be consolidated, and help align the interests of existing investors with those of new investors, as all parties would hold common equity, reducing potential conflicts between different classes of equity holders. The conversion can also provide clarity to potential investors regarding the company’s ownership and valuation, potentially making the company more attractive for future investment.
Cramdowns do have drawbacks, however — for existing investors holding convertible securities, mandatory conversion can lead to significant dilution of their ownership stake, especially if the conversion terms are unfavorable due to the lower valuation. This dilution can be particularly concerning for investors who initially invested at a higher valuation and expected a more favorable conversion rate. Furthermore, compulsory conversion can lead to dissatisfaction among existing investors, who may feel that their interests are being compromised for the interests of new investors. This dissatisfaction can strain relationships and potentially lead to legal disputes if investors believe the conversion terms were unfair or not adequately disclosed.
Warrants
Warrants give prospective or existing investors the right, but not the requirement, to purchase shares at a predetermined exercise price before a certain expiration date. This allows the company to potentially issue the round at the same or higher price than a prior round, but then incentivize investors with a discounted right to purchase more equity.
In practice, warrants can be a very flexible tool, allowing the company to provide additional incentive for prospective lead investors or existing investors to participate. The fact that warrants are issued at a fixed price provides a clear metric against which the warrant holder can measure the growth of the company, and encourages them to exercise the warrant when the company’s value has increased. Additionally, as the exercise of the warrant will generally be later down the road, it will help provide an additional influx of cash for the company when it is exercised.
For existing equity holders, however, warrants can lead to dilution of their ownership stake if and when the warrants are exercised. This dilution can be particularly concerning if the warrants are issued at a low exercise price. The issuance of warrants can also complicate the company’s capital structure, potentially making it more challenging to attract future investors or execute strategic transactions.
Liquidation Preference
A liquidation preference is the payout order in the event of a liquidation or sale of the company. Generally, in the event of a liquidation or sale, higher tiers of preferred equity are first in line to get their investment back, followed by lower tiers of preferred equity, followed by common equity holders. This concept is sometimes referred to as “last-in, first out.” The amount of the liquidation is commonly 1X, meaning the amount of the equity holders’ original investment, but the liquidation preference can also be for multiples of the equity holders’ original investment. During a down round, prospective investors may require that the new offering provide them with a liquidation multiple greater than 1X, such as 1.5X or 2X, in order to receive more than their original investment if the liquidation or sale is below a certain value.
By ensuring that new investors receive their initial investment back before other equity holders in the event of liquidation, liquidation preferences can mitigate the risks associated with investing at a lower valuation. This protection makes investing in a company during a down round more attractive by providing a safety net to help preserve investor capital.
However, such liquidation preferences for new investors disadvantage the existing investors. When new investors receive preferential treatment in liquidation scenarios, it can lead to reduced returns for earlier investors. This can be particularly concerning if the liquidation preference is structured as a multiple of the investment, as it can significantly impact the distribution of proceeds in the future.
Conclusion
Down rounds are not always the only (or preferred) choice in a challenging fundraising environment, but they can be a useful means to keep a startup running when more appealing alternatives are not available.
From a legal perspective, companies must ensure that the use of any of the features described here in their down round complies with securities laws and contractual obligations. Transparency and clear communication with the company’s investors are crucial to avoid potential disputes or misunderstandings regarding the terms and implications of the down round. Experienced counsel should assist in structuring the down round to minimize conflicts and ensure that all parties are treated fairly.
This article is intended as a guide only and is not a substitute for specific legal or tax advice. Please reach out to the authors or another member of the Troutman Pepper Locke team for any specific questions. We will continue to monitor the topics addressed in this paper and provide future client updates when useful.
Influenced by advancements in AI and wearable technology, and fueled by privacy concerns, reproductive health data is at a pivotal intersection of federal and state regulations. Traditionally, the Health Insurance Portability and Accountability Act (HIPAA) has served as the primary framework for protecting patient information and regulating health care providers and insurers.
Recently, however, a federal judge in Texas overturned the Reproductive Health Care Privacy rule, which amended HIPAA to impose stricter limitations on the use and disclosure of reproductive health-related protected health information (PHI). This ruling leaves covered entities uncertain about compliance, as states like California, Washington, and Virginia are enacting laws to fill these gaps and protect reproductive health data across various platforms and technologies. These laws often apply beyond traditional health care entities regulated by HIPAA, yet may still apply to HIPAA-covered entities if they collect data outside their medical provider role. This post summarizes some of the key developments and requirements in this area.
Federal Protections – A Federal Court Vacates the Final Rule
In April 2024, the U.S. Department of Health and Human Services (HHS) amended the HIPAA Privacy Rule to support reproductive health care privacy in the wake of the Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization. A majority of the final rule prohibits covered entities from disclosing or using PHI potentially related to reproductive health care for certain purposes, including criminal or administrative investigations or penalties. It also requires covered entities to attest that they would not use or disclose reproductive health care PHI for a prohibited purpose. The final rule also updated 42 CFR Part 2, requiring covered entities to revise their Notice of Privacy Policies to inform individuals of these changes.
In Purl v. U.S. Department of Health and Human Services, a Texas physician challenged the final rule on the grounds that it prevented her from complying with state reporting requirements related to child abuse and participating in public health investigations. On June 18, 2025, the court agreed and struck down those portions of the final rule related to reproductive health care privacy protections finding that they impermissibly limit state law on child abuse reporting, unlawfully redefine terms, and exceed HHS’s authority to implement such a rule.
Accordingly, the court vacated the reproductive health care privacy protections set forth in the final rule, leaving intact only those requirements relating to modifications in notices of privacy practices related to substance abuse disorder to reflect changes in Section 3221(i) of the Coronavirus Aid, Relief, and Economic Security Act. HHS let the August 18, 2025, appeal deadline pass without challenging the Purl decision, thus telegraphing its agreement with the court’s decision. HIPAA-regulated entities must continue protecting reproductive health care information under existing HIPAA rules and regulations, but the enhanced reproductive protections under the final rule are no longer in effect.
State Law Fills in the Gaps
Even with the court-imposed limitations on the HIPAA final rule, several important states have regulated in this space. California, Virginia, and Washington have enacted data privacy laws that expand upon the federal requirements, with New York closely following suit with their pending New York Health Information Privacy Act (NYHIPA). These laws are broadly written and may apply to traditional HIPAA-regulated covered entities, health care-adjacent companies (e.g., fitness trackers), and organizations that likely do not consider themselves to be health care-oriented at all (e.g., retailers, advertisers, and tech companies that process geolocation data). Below are some considerations for businesses collecting reproductive health data.
California:
California’s Assembly Bill No. 352 (AB 352), effective January 1, 2024, amended California’s Confidentiality of Medical Information Act (CMIA) and introduced significant changes to the handling and sharing of sensitive health information, particularly regarding reproductive health services. The law applies broadly to both traditional and nontraditional health care entities. These nontraditional entities include electronic health record (EHR) developers, digital health companies, and other entities that store or maintain medical information on behalf of health care providers, health plans, pharmaceutical companies, contractors, or employers.
Although AB 352 does not create a new private right of action, it continues to allow individuals to seek remedies under the CMIA for negligent release of their confidential information or records. Administrative fines and civil penalties for negligent disclosure or mishandling of medical information can range from $2,500 to $25,000 per violation. Penalties for willful violations can amount to $250,000 per violation, and criminal penalties may also apply if the violation results in economic loss or personal injury to a patient. Key requirements include:
- Enhanced Security Measures: As of July 1, 2024, businesses storing medical information on gender-affirming services, abortion, and contraception must implement security measures such as limiting access privileges and preventing sharing outside California.
- Prohibition on Cooperation With Out-of-State Inquiries: Entities are prohibited from cooperating with out-of-state inquiries that could identify individuals seeking abortion services lawful in California.
- Prohibition on Disclosure of Medical Information: Entities must not disclose medical information related to lawful abortion services to out-of-state individuals or entities unless authorized.
- Exclusion From Automatic Data Sharing: Health information related to abortion services is excluded from automatic sharing on California’s Health and Human Services Data Exchange Framework.
This law does not include a HIPAA exemption and therefore applies to HIPAA-covered entities.
Virginia:
Virginia’s Senate Bill 754, amending the Virginia Consumer Protection Act (VCPA), took effect on July 1, 2025. It prohibits “suppliers” from processing reproductive and sexual health information (RSHI) without consumer consent.
“Suppliers” include any entity involved in consumer transactions that obtain RSHI, including small businesses and nonprofits. Non-health care organizations, such as retailers, search engines, and companies using geolocation data, may fall under the act’s scope due to its broad definitions. The law includes the carveouts under the Virginia Consumer Data Protection Act (VCDPA), explicitly exempting PHI covered by HIPAA or similar federal or state regulations.
The act defines RSHI broadly, including information related to reproductive health services, conditions, surgeries, contraceptive use, and any data derived from non-health-related sources. It does not differentiate between data controllers and processors, arguably requiring vendors to obtain consent for processing RSHI.
Violations can result in civil penalties enforced by the Virginia attorney general, ranging from $2,500 to $5,000 per violation. The act also provides a private right of action for consumers, allowing recovery of actual damages or statutory damages, with potential for treble damages and attorney fees for willful violations.
Key requirements include:
- Clear Consent: Suppliers are required to obtain explicit consent before sharing RSHI, including abortion care or contraceptive use.
- Prohibition on Data Brokers: The bill blocks data brokers from selling or sharing RSHI that could be used to track people seeking reproductive health care.
- No Processing Necessary Exemption: SB 754 lacks an exemption for data processing necessary to deliver a product or service. Suppliers cannot process RSHI even when providing a related product or service unless the consumer provides explicit, clear, opt-in consent.
- No Entity-Level Exemptions: The bill does not include the exemptions found in the VCDPA, and instead applies to a wide range of suppliers, even those who do not meet the VCDPA thresholds (i.e., processing the personal data of 100,000 or more consumers during the calendar year). Accordingly, small businesses and nonprofits are included under the definition of supplier.
For more information on the Virginia law, please visit our FAQ series on Virginia’s Protection of Reproductive Health Information Law.
Washington:
The My Health My Data Act (MHMDA), effective on April 27, 2023, imposes a variety of restrictions on the use of “consumer health data” by companies operating in Washington or engaging with its residents. Consumer health data includes any personal information linked to a consumer’s health status, and explicitly includes cookie IDs. The law is broad and applies to both traditional health care entities (like doctors or hospitals) as well as digital health companies (e.g., fitness trackers, telehealth apps). However, HIPAA-regulated PHI is not regulated by the statute. As with California’s and Virginia’s laws, the MHMDA covers a wide range of organizations, including small businesses and nonprofits, and applies to data collected in Washington.
Investigations into and penalties for violations of MHMDA can be brought by the Washington attorney general, with a maximum fine of $7,500 per violation. If the violation is deemed willful or intentional, the attorney general can, in their discretion, seek higher penalties. Further, the statute allows consumers to pursue a private right of action for noncompliance, including seeking declaratory relief, injunctive relief, actual damages, and statutory damages of up to $7,500 per violation.
Key aspects of the MHMDA include:
- Granular Consent: Companies need to obtain specific, detailed, and explicit consent from individuals before collecting, using, or sharing their health data. For example, individuals need to know exactly what data is being collected and how it will be used, including whether it will be used for health care purposes, whether it will be shared with third parties, and the specific purpose the company is using the data.
- Consumer Authorization to Sell Data: Prohibits selling consumer health data without a signed authorization, valid for one year and revocable at any time.
- Expanded Data Subject Rights: Includes rights of access and deletion, extending to all third parties and backups.
- Limitation on Geofencing: Prohibits the use of health data collected through location-based data to target individuals for advertising or marketing based on their location in a health care setting or in relation to health care services.
New York:
The NYHIPA will also seek to fill in the gaps and protect data not typically falling under HIPAA, requiring reasonable safeguards to protect the security, confidentiality, and integrity of regulated health information.
Similar to the other states, the NYHIPA applies broadly to both traditional health care entities like health care providers, and health insurers, but also nontraditional entities, such as apps and digital platforms that collect health data (e.g., wearable devices and digital health tools). The NYHIPA covers any health-related data that can identify an individual, including data related to medical conditions, treatment, prescription information, mental health data, and genetic information.
Although the NYHIPA does not offer a private right of action, the New York attorney general has enforcement power, and can bring both investigations and civil enforcement actions against organizations that fail to comply. Fines for violation can amount to $5,000, and up to $10,000 per violation if the violation was willful or resulted in harm to individuals.
Key aspects of the NYHIPA will include:
- Explicit Consent: Organizations must obtain explicit, informed consent from individuals before collecting, using, or sharing their health information. This means consent must be specific, clear, and obtained prior to any data collection.
- Limited Use: Health data may only be used for specified purposes as disclosed at the time of consent. It cannot be used for marketing or advertising purposes without the individual’s consent.
- Security Safeguards: Sensitive health data must be encrypted, particularly when it is transmitted electronically or stored in digital systems.
- Data Minimization: Organizations must only collect and retain health data that is necessary for the specific purpose outlined in the consent agreement. Data that is no longer needed should be deleted or anonymized.
There are consistent themes across these state laws: entities not traditionally viewed as health care providers, such as digital health trackers and fitness apps, are now subject to stringent privacy regulations with significant penalties for noncompliance. Organizations should reassess the data they collect, the methods of collection, and its intended use to determine if they are governed by these statutes. Given the complexity and potential impact of these regulations, it is crucial for organizations to consult with experienced privacy counsel who can provide tailored guidance to ensure compliance and help mitigate risks associated with these new laws.
The U.S. Department of Commerce’s Bureau of Industry and Security (BIS) recently implemented the long-anticipated 50% ownership standard (or Affiliates Rule) to extend the licensing requirements under the Export Administration Regulations (EAR) to non-listed parties that are 50% or more owned by certain listed parties. This replaces the previous “legally distinct” standard that BIS had applied, which did not directly extend these restrictions to non-listed affiliates.
The new BIS Affiliates Rule reflects essentially the same standard that has long been used by the Treasury Department’s Office of Foreign Assets Control (OFAC). As the basics of this rule are already widely known, this article focuses only on the lesser-known nuances.
To quickly review the basics: The Affiliates Rule subjects a foreign entity to a licensing requirement under the EAR if it is 50% or more owned — whether directly or indirectly, individually or in the aggregate — by one or more parties that are designated on the BIS Entity List or Military End User (MEU) List, or certain (not all) parties on OFAC’s Specially Designated Nationals (SDN) List.
We shine a light on the trickiest aspects of this rule below.
The Temporary General License (TGL): Very Narrow Scope and Short Duration
A new TGL overcomes the licensing requirement under the Affiliates Rule, but only until December 1, 2025, and only in two relatively rare scenarios — when the party in question is:
1) Located in a cooperating country (i.e., Country Group A:5 or A:6); or
2) A joint venture with entities headquartered in the U.S. or such a cooperating country that are not themselves subject to the Affiliates Rule, and only when located in a non-sanctioned country (i.e., outside Country Groups E:1 and E:2).
Furthermore, the TGL does not apply to entities 50% or more owned by covered SDNs — it only overcomes the Entity List and MEU List restrictions.
In short, the vast majority of companies will not be able to rely fully on the TGL.
Even Listed Entities Are Now Subject to EAR Licensing Requirements Globally (But Unlisted U.S. Affiliates Are Excluded)
The new Affiliates Rule only applies to unlisted “foreign affiliates” of the listed entities. So U.S. affiliates are not directly impacted by this rule.
As far as listed entities are concerned, the previous rule was that the listed entity was subject to the applicable restrictions at all of its locations in the country stated in the listing. BIS noted in the rulemaking that previously there were only three parties on the Entity List that were subject to a worldwide licensing requirement. BIS provided this example: “an entity listed on the Entity List under China has a sales office in Malaysia. Prior to this [rule], the sales office in Malaysia of the listed Chinese entity was not included within the scope of the Entity List license requirements, unless BIS listed that Chinese sales office in Malaysia also on the Entity List or there was information that the item was intended for the listed Chinese entity.”
Now, however, the licensing requirements for all listed entities on the Entity List or MEU List, or under the covered authorities of the SDN List, will “apply to all foreign countries.” This is a significant expansion of these pre-existing, list-based restrictions.
The Affiliates Rule Does Not Apply to Addresses on The Entity List
BIS has made clear that the Entity List restrictions do not apply to unlisted entities that are owned by entities operating at an address listed on the Entity List if the entities themselves are not specifically identified on the Entity List. The agency explained that “entities located at a different address with a parent company registered at a corporate services address on the Entity List may not present the same diversion risks.”
Many U.S. Restricted Party Lists Are Outside the Scope of This Rule
Affiliates of many types of SDNs are not impacted by this rule, which references an exclusive list of covered SDN list authorities. Similarly, an entity owned by covered SDNs and non-covered SDNs would not be covered by this rule, unless the covered SDN ownership is at least 50%.
Nor does this rule impact affiliates of parties that are only designated on other U.S. government lists, including the Department of Defense’s Chinese Military Companies (CMC or 1260H) list, OFAC’s Chinese Military-Industrial Complex Companies (CMIC) list, the BIS Unverified List (UVL) and Denied Persons List (DPL), and others. (The DPL, although not impacted by this rule, has long had a different scope of application to unlisted affiliates.)
Even BIS’s MEU restrictions are largely not affected by this rule, as the vast majority of MEUs under the EAR are not listed, but rather are treated as MEUs under the standard set forth in Section 744.21(g) of the EAR. BIS has stated explicitly that the licensing requirements under the Affiliates Rule “do not apply to unlisted foreign affiliates that are owned, directly or indirectly, individually or in the aggregate, solely by one or more unlisted `military end users,’ unless the unlisted foreign affiliate itself meets the definition of a `military end user.'”
In addition, entities owned only by parties covered by BIS’s Military-Intelligence End User (MIEU) restrictions in Section 744.22 of the EAR are not impacted by the Affiliates Rule, even if owned by listed MIEUs.
New Screening Tools May Be Required
In light of the aggressive statements by BIS about strict liability under this rule, companies should strongly consider whether their current screening tools are adequate. The U.S. government’s free and publicly available Consolidated Screening List (CSL), which many companies previously relied on for EAR compliance purposes, does not include ownership data and therefore will no longer reflect all entities subject to BIS licensing requirements.
Accordingly, it is important to check with your screening tool provider to confirm whether it includes this ownership data — many screening tools do not. With this in mind, many more companies going forward will need to pay for advanced screening tools with built-in ownership data, which previously only larger international companies tended to use.
No tool, however, has complete ownership data. So a key question going forward will be whether BIS will pursue strict liability enforcement actions against companies that exported to an entity that was not flagged by an advanced screening tool as having restricted party ownership under the Affiliates Rule. If so, there will be real questions about whether full compliance under the EAR is going to be feasible going forward.
Official Ownership Determinations From BIS Are Available
BIS has stated that it may be “able to make a determination during the license review process that the foreign entity is in fact not owned, directly or indirectly, individually or in aggregate, 50 percent or more by one or more” covered entities, in which case “the license application will be returned without action [RWA’d] to the applicant noting that a license is not required.”
This presents in effect an opportunity to obtain an official ownership determination from BIS via an RWA’d license application. However, given the currently very long licensing backlog at BIS, which is likely to continue to grow in the near-term, this may not be a practical option in many cases.
Entities Falling Below The 50% Threshold Are Still Impacted
Like OFAC’s guidance, BIS has stated that unlisted entities not meeting the 50% ownership threshold still call for enhanced due diligence:
. . .foreign parties with significant minority ownership by, or other significant ties to (e.g., overlapping board membership or other indicia of control), an Entity List entity, an MEU List entity, or an SDN subject to § 744.8(a)(1) present a Red Flag of potential diversion risk to the listed entity. In this type of situation, additional due diligence is necessary, especially given the opaque ownership structures and limited access to accurate ownership data in certain jurisdictions.
Also echoing OFAC’s warnings, BIS has advised of the risk of dealing with such entities, as they may be designated in the future.
Opportunities For Exclusion From These New Restrictions
Because of the automatic inclusion of affiliates under both pre-existing and new designations, and in light of the significant political pressure that BIS is likely to face to continue and even increase its pace of designations, it is reasonable to expect that the agency will overlook unintended consequences of the Affiliates Rule on a regular basis – it is hard to imagine BIS having the bandwidth to examine in detail the business of each entity in the complex corporate groups that they are targeting.
Accordingly, there will be opportunities for parties to seek a specific exclusion if they have a good case that it is not in the U.S. government’s interest to include them within the scope of these EAR restrictions. BIS has stated explicitly that it will review such requests on a case-by-case basis, pursuant to the procedures in Section 744.16(e) of the EAR, if it determines that an entity or group of entities “do not pose a significant risk of being or becoming involved in diversion to the listed entity.” A strong compliance program may be a ticket to exclusion from these restrictions.
Rule of Most Restrictiveness
As different restrictions may apply to different listed owners of an unlisted entity, BIS has set out the “rule of most restrictiveness” to guide these situations, which it has described as follows:
An entity owned 50 percent or more, directly or indirectly, by multiple entities subject to EAR license requirements pursuant to some combination of the Entity List, MEU List, or SDN List designated under programs listed in § 744.8(a)(1), is subject to the most restrictive license requirements, license exception eligibility, and license review policy applicable to one or more of its owners under the EAR.
This could result in odd outcomes in instances when an entity subject to stringent restrictions has a very small ownership interest and an entity subject to less stringent restrictions has the main ownership interest — in such cases, the restrictions applicable to the smaller shareholder, no matter how small its interest, would generally govern. BIS has said that “the breakdown of the percentages adding up to 50 percent or more does not matter.” These may be good cases to seek exclusions or modifications to the applicable restrictions.
This rule of most restrictiveness can be particularly significant when it comes to small ownership stakes held by entities subject to the Entity List Foreign Direct Product (FDP) rules, because in those cases the unlisted entity would be subjected not only to broad licensing requirements but also expanded jurisdictional exposure under the EAR.
Difficult License Application Requirements
While successful licensing in this context is increasingly rare, it is important to be aware of the new — and challenging — license application requirements that BIS has added for these cases, including an obligation to name the restricted party owners and explain “the due diligence conducted to determine the percentage of ownership, including providing an explanation for why percentage of ownership was not able to be determined.” Expect a high degree of scrutiny of these applications.
Cascading Effects Across Multiple Other Regulatory Regimes
The Entity List and MEU List are referenced in numerous other regulatory regimes, many of which do not incorporate the Affiliates Rule, at least not currently (or clearly enough). For example, an “Excepted Investor” under the regulations of the Committee on Foreign Investment in the United States (CFIUS) cannot be (and none of its parents or subsidiaries can be) “listed on” the Entity List. Similarly, Treasury’s Outbound Investment Security Program (OISP) defines “prohibited transactions” to include otherwise “notifiable transactions” with a “covered foreign person” that is “[i]ncluded on the Bureau of Industry and Security’s Entity List” or MEU List. It will be important to watch for any guidance or regulatory changes from other agencies incorporating the new BIS Affiliates Rule.
Conclusion
The backlash against this new rule has been swift and loud. It will, indeed, make compliance more costly and difficult for many companies, and, ultimately will result in less trade and technology cooperation with entities falling under the Affiliates Rule, as well as with entities not falling under this rule but with opaque ownership that prevents their partners from getting comfortable about them.
But less will change than many may expect. BIS’s press release said that, “[p]reviously, the Entity List and MEU List completely excluded all entities that were not specifically named on the Entity List/MEU List — even if there were extensive corporate and financial ties with listed entities.” That’s a highly misleading statement. BIS’s previous guidance provided stark warnings about the risk of dealing with unlisted affiliates of listed entities, including an expectation to conduct enhanced due diligence. Moreover, many companies (including the authors’ clients) have been subject to civil and criminal investigations for dealing with unlisted affiliates of listed entities. So to say that unlisted affiliates of listed entities were “completely excluded” from the scope of these restrictions prior to this rule does not fairly represent the previous state of play.
The promulgation of this rule — and the aggressive statements that BIS and others have made as part of its rollout — are indicative of the current administration’s focus on closing perceived “loopholes” in the EAR and similar regulatory programs. What remains to be seen is how aggressively these and other new restrictions will be enforced.