State attorneys general increasingly impact businesses in all industries. Our nationally recognized state AG team has been trusted by clients for more than 20 years to navigate their most complicated state AG investigations and enforcement actions.

State Attorneys General Monitor analyzes regulatory actions by state AGs and other state administrative agencies throughout the nation. Contributors to this newsletter and related blog include attorneys experienced in regulatory enforcement, litigation, and compliance. Also visit our State Attorneys General Monitor microsite.

Contact our State AG Team at StateAG@troutman.com.

Troutman Pepper Locke Spotlight

Troutman Pepper Locke Receives Unanimous Support as 52 Attorneys General File Amicus Brief to Protect Educational Benefits for Veterans

By Misha TseytlinTimothy McHughMary Grace MetcalfeJeff JohnsonLauren Hancock Miller, and Trey Smith

In a remarkable display of unity, a bipartisan coalition of the attorneys general for all 50 states, the District of Columbia, and the Northern Mariana Islands filed an amicus curiae brief in support of Troutman Pepper Locke and Dominion Energy’s petition for extraordinary relief in the matter of Yoon v. Collins, which continues the fight for veterans’ denied educational benefits.

Continue Reading

RISE Practice Group Members Selected to Law360 2025 Editorial Advisory Boards

We are pleased to announce that RISE Partners Ashley Taylor and Jean Gonnell have been selected to serve on Law360‘s editorial advisory boards this year. Ashley will contribute his expertise to the Consumer Protection Advisory Board, while Jean will lend her insights to the Cannabis Advisory Board. We congratulate them, along with the other Troutman Pepper Locke attorneys who have been chosen for their respective boards. Continue reading for a full list of Troutman Pepper Locke attorneys selected to serve on Law360 editorial advisory boards this year.

Continue Reading

The Future of Auto Dealership Compliance: A Conversation With Tom Kline

By Stephen C. PiepgrassBrooke Conkle, and Chris Capurso

This episode of Regulatory Oversight spotlights recent Moving the Metal episode “The Future of Auto Dealership Compliance: A Conversation With Tom Kline.” In this episode, Brooke Conkle and Chris Capurso from Troutman Pepper Locke’s Consumer Financial Services Practice Group are joined by Tom Kline, lead consultant and founder of Better Vantage Point. Tom shares his extensive experience in the auto industry, discusses the implications of the recent vacating of the CARS Rule by the Fifth Circuit, and provides insights into the most common compliance challenges faced by dealers. He also delves into the importance of having a robust compliance program and the evolving regulatory landscape. Additionally, Tom talks about his book, Tuck the Octopus, which offers valuable strategies for managing dealership operations and mitigating risks. Tune in to gain expert perspectives on staying compliant and competitive in the auto finance industry.

Continue Reading

Multistate AG Updates

Unpacking the Illicit E-Cigarette Crackdown by State AGs

By Chris CarlsonMichael Jordan, and Zie Alere

Published in Law360 on March 19, 2025. © Copyright 2025, Portfolio Media, Inc., publisher of Law360. Reprinted here with permission.

In mid-January, a bipartisan coalition of nine state attorneys general, as well as the Washington, D.C., attorney general, announced a coordinated effort to curb illicit electronic cigarette sales. The attorneys general of California, Connecticut, Illinois, Hawaii, Minnesota, New York, New Jersey, Vermont, Ohio and Washington, D.C., are coordinating enforcement activity targeting dealers of these products — issuing warning letters, serving civil investigative demands and filing complaints.

Continue Reading

Single State AG Updates

Indiana AG and Gaming Commission Warn Consumers About Illegal Gambling Ads

By Troutman Pepper Locke State Attorneys General Team, and Blake Christopher

Indiana Attorney General (AG) Todd Rokita recently partnered with the Indiana Gaming Commission to alert consumers about advertisements for illegal gambling.

Continue Reading

California Businesses Must Consider Auto-Renewal Law Changes

By Clayton FriedmanMichael Yaghi, and Natalia Jacobo

Troutman Pepper Locke attorneys assess the evolution of California’s auto-renewal law and the impact of these amendments on businesses and consumers.

California’s Auto Renewal Law is one of the most comprehensive laws applying to businesses offering automatic renewal or continuous service subscriptions in the country. Notable changes over the past few years—including new measures going into effect in July—mean businesses need to stay alert to comply if they sell any consumer goods or services to consumers through subscription programs that automatically renew.

Continue Reading

AG of the Week

Dave Yost, Ohio

Dave Yost was re-elected as Ohio’s 51st AG on November 8, 2022, receiving more votes than any AG in the state’s history. His tenure has been marked by a commitment to upholding the rule of law, protecting individual liberties, and fostering economic growth.

Yost has defended constitutional rights and has been an advocate for various policies aimed at protecting children and families. During the COVID-19 pandemic, he defended the freedoms of small businesses and religious institutions, successfully challenging federally mandated vaccines at the U.S. Supreme Court.

Before his tenure as AG, Yost served a Delaware County prosecutor and Ohio state auditor, where he fought public corruption and identified significant taxpayer savings. He holds degrees from the Ohio State University and Capital University Law School. Beyond his professional achievement, he is a musician and proud member of Buckeye Nation, residing in Columbus with his wife, Darlene. They have three adult children and five grandchildren.

Ohio AG in the News:

  • On March 21, Yost announced that two Ohio pension funds have been appointed by a Delaware judge as co-lead plaintiffs in a class action lawsuit over Boeing’s alleged safety failures.
  • On March 21, Yost announced a lawsuit against a remodeling company for allegedly defrauding homeowners by providing incomplete or poor-quality work.
  • On March 19, Yost announced a lawsuit against a luxury home décor retailer after hundreds of customers reported paying for furnishings that never arrived.

Upcoming AG Events

  • April: NAAG | AG Symposium | Nashville, TN
  • April: RAGA | Energy Summit | Houston, TX
  • April: AGA | International Delegation | Rome, Italy

For more on upcoming AG Events, click here.

On March 25, 2025, sweeping changes to the Delaware General Corporation Law (the DGCL) took effect (the amendments). The amendments introduce new “safe harbor” provisions designed to cleanse conflict transactions involving directors, officers, and controlling stockholders, subject to certain conditions. The amendments also substantially narrow the categories of information to which a stockholder demanding books and records of a corporation would be entitled.

Conflict Transactions Involving Directors and Officers

Under amended Section 144(a) of the DGCL, conflict transactions involving directors or officers may not be the subject of equitable relief or monetary damages against a director or officer if:

  1. The conflict was known to the board or committee and it is approved in good faith and without gross negligence by the affirmative votes of the disinterested directors then serving on the board or the committee (and if a majority of the directors then serving as such are not disinterested, then the act or transaction must be recommended for approval by a committee consisting of at least two directors who have been determined by the board to be disinterested);
  2. The act or transaction is approved or ratified by an informed, uncoerced, affirmative vote of a majority of the votes cast by the disinterested stockholders; or
  3. The act or transaction is fair to the corporation and its stockholders (essentially invoking Delaware’s “entire fairness” standard of review).

The new safe harbor provision prescribed by Section 144(a) of the DGCL generally follows current Delaware case law, except that it imposes no timing requirement with respect to the formation of any special committee created for purpose of a conflict transaction. That case law imposed a requirement that any such committee be formed ab initio (i.e., before any economic terms are negotiated). While the board must determine that each committee member is a disinterested director at formation, the new provision departs from current Delaware case law by preserving the safe harbor even if a court later disagrees with that determination as to one or more members, so long as a majority of the actually disinterested directors on the committee approved the transaction.

Under new Section 144(d)(2) of the DGCL, a director of a public company is presumed disinterested if the board determines that the director satisfies applicable stock exchange standards. However, this presumption can be rebutted by a showing of “substantial and particularized” facts that the director has a material conflict. Current Delaware case law found stock exchange standards to be persuasive, but not presumptive, for purposes of any conflicts analysis.

Finally, amended Section 144(a) of the DGCL introduces a “majority of votes cast” threshold for approval or ratification by the stockholders, and cleansing is not limited to simply prior approval of an act or transaction, but contemplates ratification of the act or transaction after the fact.

Conflict Transactions Involving Controlling Stockholders (Other Than Go-Private Transactions)

Under amended Section 144(b) of the DGCL, a conflict transaction involving a controlling stockholder (but other than a go-private transaction) may not be the subject of equitable relief or monetary damages against an officer, director, or the controlling stockholder by reason of a fiduciary breach if:

  1. The facts as to the transaction are disclosed to a committee to which the board has expressly delegated the authority to negotiate and to reject the transaction, and such transaction is approved (or recommended for approval) in good faith and without gross negligence by a majority of the disinterested directors then serving on the committee (and the committee must consist of at least two directors, each of whom has been determined by the board to be disinterested);
  2. The transaction is conditioned, at the time it is submitted to stockholders for their approval or ratification, on the approval of, or ratification by, disinterested stockholders, and the controlling stockholder transaction is approved or ratified by an informed, uncoerced, affirmative vote of a majority of the votes cast by the disinterested stockholders; or
  3. The transaction is fair as to the corporation and its stockholders (essentially invoking Delaware’s “entire fairness” standard of review).

In addition to the key differences described under the above section of this article with respect to amended Section 144(a) of the DGCL, which also generally apply to amended Section 144(b) of the DGCL, amended Section 144(b) of the DGCL departs from current Delaware case law involving conflicted controller transactions in that only requires that the conflicted controlling stockholder transaction be approved either by a special committee or by a vote of disinterested stockholders. Current Delaware case law mandates that a conflicted controlling stockholder transaction be approved by both mechanisms to bring the scrutiny of the transaction back to the protections of the business judgment rule.

Go-Private Transactions

Under new Section 144(c) of the DGCL, a go-private transaction may not be the subject of equitable relief or monetary damages against a director, officer, or any controlling stockholder by reason of a fiduciary breach if:

  1. The transaction is approved (or recommended for approval) by both a special committee and the disinterested stockholders as required under amended Section 144(b); or
  2. The going private transaction is fair as to the corporation and its stockholders (essentially invoking Delaware’s “entire fairness” standard of review).

The key differences described under the above sections of this article with respect to amended Sections 144(a) and 144(b) of the DGCL also generally apply to new Section 144(c) of the DGCL. However, new Section 144(c) of the DGCL preserves the so-called MFW doctrine under current Delaware case law with respect to the necessity for the go-private transaction to be approved by both a disinterested special committee and the disinterested stockholders to bring the scrutiny of the transaction back to the protections of the business judgment rule.

Defining Controlling Stockholder

Under new Section 144(e)(2) of the DGCL, a controlling stockholder is defined to be a stockholder who (i) wields majority power, (ii) has the right (such as pursuant to a stockholders agreement) to designate a majority of the members of the board, or (iii) has the power functionally equivalent to that of a majority stockholder through the control of (A) at least one-third in voting power of the outstanding voting stock and (B) the power to exercise managerial authority over the business and affairs of the corporation. Current Delaware case law set no such “floor” for the finding of a controlling stockholder for the purposes of a specific transaction.

In addition, under new Section 144(d)(5) of the DGCL, no controlling stockholder can be liable for monetary damages for the breach of the duty of care. Unlike exculpatory provisions for directors and officers authorized under Section 102(b)(7) of the DGCL, no “opt-in” certificate of incorporation provision is required for this provision to take effect.

Books and Records

Section 220 of the DGCL has been amended to substantially narrow the types of books and records to which a demanding stockholder would be entitled. Historically, stockholder litigation over books and records demands had become expensive and burdensome, especially with the advent of stockholder demands seeking to obtain electronic communications of directors.

New Section 220(a)(1) and 220(b) of the DGCL now contemplate that a demanding stockholder would only be entitled to the following types of information/documents:

  1. The certificate of incorporation (including a copy of any agreement or other instrument incorporated by reference in the certificate of incorporation);
  2. Bylaws (including a copy of any agreement or other instrument incorporated by reference in the certificate of incorporation);
  3. The minutes of all meetings of stockholders and any actions taken by written consent of stockholders in the past three years;
  4. All communications by the corporation in writing or by electronic transmission to stockholders generally within the past three years;
  5. The minutes of any meeting of the board of directors or any committee of the board and any actions taken by written consent of the board or a committee of the board;
  6. Materials provided to the board or any committee of the board in connection with actions taken by the board or the committee of the board;
  7. The annual financial statements of the corporation for the past three years;
  8. Any stockholders agreement; and
  9. Any director and officer independence questionnaires.

Importantly, new Section 220(b)(4) of the DGCL makes clear that this narrowed entitlement would not affect a stockholder’s right to seek discovery of other books and records if the stockholder is in active litigation. New Section 220(g) of the DGCL also introduces a carve-out to the new rules, making clear that a stockholder seeking to compel production of books and records may obtain other specific records if the stockholder can demonstrate that the specific records are (i) necessary and essential to its purpose and (ii) makes a showing of a compelling need for an inspection of the records to further its purpose.

Troutman Pepper Locke’s Cannabis Practice helps clients throughout their business cycle enter or expand into the cannabis space. Our team combines the resources of attorneys in areas such as licensing and taxation, regulatory compliance, corporate and transactional, intellectual property, and real estate, among others, to provide comprehensive services.

Our Cannabis Practice provides advice on issues related to applicable federal and state law. Cannabis remains an illegal controlled substance under federal law.

RISE Practice Group Members Selected to Law360 2025 Editorial Advisory Boards

By Troutman Pepper Locke

We are pleased to announce that RISE Partners Ashley Taylor and Jean Gonnell have been selected to serve on Law360‘s editorial advisory boards this year. Ashley will contribute his expertise to the Consumer Protection Advisory Board, while Jean will lend her insights to the Cannabis Advisory Board. We congratulate them, along with the other Troutman Pepper Locke attorneys who have been chosen for their respective boards.

Read More

Cannabis Regulatory Updates

Massachusetts Efforts to Ensure Safety in the Cannabis Industry: New Testing Requirements and Recent Advisories

By Jean Smith-Gonnell and Sydney Goldberg

On February 3, the Massachusetts Cannabis Control Commission (CCC) issued two public health and safety advisories regarding potentially contaminated marijuana products sold by two separate licensees in Massachusetts.

Read More

Chapter 15 of the Bankruptcy Code is a mechanism for debtors to have foreign insolvency proceedings recognized in the U.S. and to have the orders entered by a foreign court in those insolvency proceedings abroad given effect in the U.S.

This article will discuss the key issues of a Chapter 15 case and the differences from a Chapter 11 case. To access this article and read other insights from our Creditor’s Rights Toolkit, please click here.

On March 21, the Financial Crimes Enforcement Network (FinCEN) submitted an interim final rule (IFR) to the Federal Register, regarding the beneficial ownership information (BOI) reporting requirements under the Corporate Transparency Act (CTA). The IFR indicates that it takes effect immediately upon publication in the Federal Register, which is anticipated to occur on March 26.

The IFR provides that upon its effectiveness:

  • Entities that previously met the definition of a nonexempt “domestic reporting company” will be exempt from BOI reporting requirements; and

  • Entities formed under the law of a foreign country and registered to do business in any U.S. state or Tribal jurisdiction by filing a document with a secretary of state or similar office (formerly known as “foreign reporting companies”) will continue to be subject to the BOI reporting requirements (subject to certain modifications in the IFR) unless an exemption applies.

In issuing the IFR, FinCEN acknowledges that the BOI reporting requirements impose burdens on businesses and that the goal of collecting information while minimizing burdens is a “delicate balance.” It noted that the change in presidential administrations has “resulted in a reassessment of the balance struck by the reporting rule” and that the secretary of the Department of Treasury has “assessed that exempting [domestic entities] would ensure that the Reporting Rule is appropriately tailored to advance the public interest, considering the burdens imposed by the regulations without sufficient benefits.” FinCEN stated that this determination is consistent with the “direction of the President” pursuant to Executive Order 14192, Unleashing Prosperity Through Deregulation, and that it received written concurrences from the attorney general and the secretary of homeland security regarding the IFR.

What Changed?

The following is a summary of some of the IFR’s key changes to the rules previously implemented under the CTA:

Prior CTA Provision

IFR Amendment

The CTA defined “reporting company” to include both “domestic reporting companies” and “foreign reporting companies.”

Thus, both domestic reporting companies and foreign reporting companies were subject to the BOI reporting obligations unless an exemption to reporting applied.

The definition of “reporting company” has been revised to include only what was formerly defined as a “foreign reporting company” such that all entities created in the U.S. — including those previously known as “domestic reporting companies” — and their beneficial owners (regardless of whether they are U.S. persons or foreign persons) are exempt from the BOI reporting obligations.

There were previously 23 exemptions from the BOI reporting requirements.

There are now 24 exemptions from the BOI reporting requirements with the IFR introducing an additional exemption to reporting. The new exemption exempts any “domestic entity” from the BOI reporting obligations. “Domestic entity” is defined to match the prior definition of a “domestic reporting company” (any entity that is a corporation, limited liability company, or other entity and was created by the filing of a document with a secretary of state or any similar office under the law of a state or Indian tribe).

Foreign reporting companies were required to file initial BOI reports based on the date that they first registered to do business in the U.S.

After the CTA-related litigation, the deadlines were:

  • March 21, 2025, for entities first registered prior to February 19, 2025.

  • Within 30 days of notice of such registration for entities registered on or after February 19, 2025.

After an initial report was filed, updated reports were required within 30 days of applicable changes.

Upon the publication of the IFR in the Federal Register:

  • [Foreign] reporting companies registered to do business in the U.S. must file BOI reports no later than 30 days from the date of publication of the IFR; and

  • [Foreign] reporting companies registered to do business on or after the publication date of the IFR have 30 days to file an initial BOI report after receiving notice that their registration is effective.

Foreign reporting companies were required to report the BOI of all of their “beneficial owners” as defined in the CTA.

Foreign reporting companies are only required to report the BOI of beneficial owners who are non-U.S. persons.

U.S. persons were required to provide their BOI with respect to any nonexempt reporting company for which they were a beneficial owner.

U.S. persons are not required to provide their BOI with respect to any nonexempt reporting company for which they are a beneficial owner.

A foreign reporting company that meets the pooled investment vehicle exemption and no other exemptions must report the BOI of the individual who exercises substantial control over the entity. If multiple individuals exercise substantial control, the company must report the BOI of the person who has the greatest authority over the strategic management of the entity.

A foreign reporting company that meets the pooled investment vehicle exemption and no other exemptions must report the BOI of the individual who is a non-U.S. person and exercises substantial control over the entity (if any). If multiple non-U.S. persons exercise substantial control, the company must report the BOI of the non-U.S. person who has the greatest authority over the strategic management of the entity.

Domestic Reporting Companies Are Now Exempt

Companies that were previously subject to the BOI reporting requirements because they met the definition of a “domestic reporting company” and did not meet one of the previous 23 exemptions are now exempt pursuant to a new, 24th exemption. This new exemption exempts “domestic companies” from BOI reporting requirements and is available to any entity that was created by the filing of a document with a secretary of state or any similar office under the law of a state or Indian tribe (e.g., a “domestic reporting company” as defined prior to the IFR), regardless of the citizenship or jurisdiction of its beneficial owners.

As a result of the IFR, domestic companies no longer need to file initial BOI reports, and they have no obligation to update or correct any previously filed reports.

The secretary of the Department of Treasury created this new exemption on the basis that reporting by “domestic entities” would not serve the public interest and would not be highly useful in security, intelligence, and law enforcement efforts.

Changes Applicable to Foreign Companies

In contrast to domestic entities, FinCEN noted that foreign entities “present heightened national security and illicit finance risks and different concerns about regulatory burdens,” and as a result, “exempting foreign companies would not serve the public interest.” The IFR makes several changes to the CTA that impact foreign companies.

Definition of “Reporting Company”

First, the IFR revised the definition of “reporting company” in the CTA to include only companies that were previously defined as “foreign reporting companies.” As a result, “reporting company” now means any entity that is (a) a corporation, limited liability company, or other entity, (b) formed under the law of a foreign country; and (c) registered to do business in any state or Tribal jurisdiction by the filing of a document with a secretary of state or any similar office under the law of that state or Indian tribe.

Therefore, foreign companies that meet this definition will continue to be subject to the CTA and the BOI reporting obligations unless an exemption applies. The IFR extends the deadline for initial reports to the later of 30 days after the date the IFR is published or 30 days after notice of a company’s registration to do business in the U.S. The IFR does not provide for a transition period for compliance so 30-day filing deadline is a hard deadline.

BOI of US Persons

The IFR provides that a reporting company and any U.S. person who is a beneficial owner of that reporting company are exempt from providing the BOI of such U.S. person as a beneficial owner. In other words, reporting companies are only required to report company information and the BOI of company applicants and foreign owners, and U.S. persons are under no obligation to report their BOI as beneficial owners pursuant to the CTA.

Foreign Pooled Investment Vehicles

The IFR revises the special reporting rule applicable to foreign reporting companies who are exempt from BOI reporting solely because they meet the pooled investment vehicle exemption. Under the revised special reporting rule, foreign pooled investment vehicles must report the BOI of the individual who has substantial control over the entity if the individual is not a U.S. person. Where multiple individuals have substantial control over the foreign pooled investment vehicle and at least one of those individuals is not a U.S. person, such entity must report the individual with the greatest authority over the strategic management of the entity who is not a U.S. person. If there is no individual with substantial control who is not a U.S. person, the foreign pooled investment vehicle is not required to report any beneficial owners.

The IFR changes this requirement such that the BOI of a US person is not required under this special reporting rule.

Effectiveness of IFR

FinCEN stated that there is “good cause” for making the IFR effective immediately upon publication in the Federal Register because it “grants or recognizes an exemption or relieves a restriction” rather than imposing new burdens. For the same reason, FinCEN noted that prior notice and public comment are “unnecessary,” though public comment will be solicited after publication, and FinCEN intends to issue a final rule later this year. It is unclear whether the IFR and its limiting of the applicability of the CTA will be subject to challenge or revised as part of the public comment period. As such, we advise that (i) clients should continue to monitor for any updates to the IFR or its effectiveness and (ii) entities that were formed under the law of a foreign country and that have registered to do business in any U.S. state or Tribal jurisdiction by the filing of a document with a secretary of state or similar office (formerly known as “foreign reporting companies”) should move forward with completing any remaining information gathering and prepare to file a BOI report prior to the deadline published in the IFR.

On March 20, 2025, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued a final rule extending the recordkeeping requirements under OFAC’s regulations from five years to 10 years. This change aligns with the extension of the statute of limitations from five years to 10 years for violations of the International Emergency Economic Powers Act and the Trading with the Enemy Act, as provided by the 21st Century Peace through Strength Act, signed into law in April 2024. The final rule adopts, without change, the interim final rule published by OFAC on September 13, 2024.

One notable aspect of the final rule is OFAC’s warning to financial institutions subject to EU regulations on anti-money laundering and counter-terrorism financing that OFAC’s regulations must be complied with when applicable, even though there may be conflicts with EU laws governing data retention (e.g., Article 40 of EU Directive 2015/849, which provides that records of transactions must be deleted five years after the end of a business relationship with regular clients, or after the transaction for occasional clients, because this data is considered “personal” by EU authorities). OFAC considered a comment on this potential conflict of laws, and essentially indicated that they may (but would not be bound to) consider such a conflict as a mitigating factor in an enforcement action — cold comfort for a regulated financial institution facing a conflict between OFAC’s requirements and EU law.

OFAC’s recordkeeping requirements are very broad, as set out in the Reporting, Procedures and Penalties Regulations (RPPR) and the Cuban Assets Control Regulations (CACR). In essence, any person engaging in a transaction subject to OFAC’s regulations must maintain a full and accurate record of each such transaction. These records must be available for examination for at least 10 years after the date of the transaction. Additionally, individuals holding property blocked pursuant to OFAC’s regulations are required to keep comprehensive records of such property for the duration it remains blocked and for at least 10 years after it is unblocked. With this in mind, the records must in many cases be kept for longer than 10 years.

Not all company records are subject to this 10-year retention requirement. The rule specifically targets records of transactions under OFAC’s jurisdiction and records of blocked property. Records under OFAC’s jurisdiction refer to documentation related to transactions, property, or activities subject to U.S. economic sanctions. This includes transactions involving sanctioned persons or entities, or sanctioned territories, and records of blocked or rejected transactions.

Separately, as a protective measure, businesses should retain documentation demonstrating compliance with OFAC’s regulations, including due diligence and screening results, and other internal compliance measures.

The extension of the recordkeeping period calls for companies to revise their compliance policies and practices to reflect and implement the 10-year retention requirement. Additionally, employees involved in transactions subject to OFAC’s regulations should be informed about the updated recordkeeping requirements.

This alert is intended as a guide only and is not a substitute for specific legal or tax advice. Please do not hesitate to reach out to us with questions.

Published in Law360 on March 21, 2025. © Copyright 2025, Portfolio Media, Inc., publisher of Law360. Reprinted here with permission.

On Feb. 20, the U.S. Securities and Exchange Commission announced the creation of the Cyber and Emerging Technologies Unit, which will replace the Enforcement Division’s previous Crypto Assets and Cyber Unit.[1]

The SEC stated that the CETU will focus on combating online misconduct and protecting retail investors from bad actors in the emerging technology space. The newly constituted CETU will be led by Laura D’Allaird, former co-chief of the Crypto Assets and Cyber Unit.

This marks the second major shift for the unit, which was originally established in 2017 during the first Trump administration as the Cyber Unit. In 2022, under the leadership of former SEC Chair Gary Gensler, the unit was renamed the Crypto Assets and Cyber Unit to encompass crypto-assets and nearly doubled in size from 30 to 50 dedicated positions.[2]

In announcing the CETU’s creation last month, the SEC stated that the headcount has been reduced back down to 30 and that it “will complement the work of the Crypto Task Force led by Commissioner Hester Peirce.” The Crypto Task Force, which was launched on Jan. 21 by acting Chair Mark T. Uyeda,[3] sits outside the SEC’s Enforcement Division.

As Uyeda explained in a Feb. 24 speech, the Crypto Task Force “will seek to develop a comprehensive regulatory framework to provide realistic paths to registration and to craft sensible disclosure frameworks.”[4] According to Uyeda in the Feb. 20 press release announcing the creation of the CETU, this restructuring “will allow the SEC to deploy enforcement resources judiciously.”

The SEC announced that the CETU will focus on seven priority areas. Consistent with its new name, the CETU is shifting its focus beyond cryptocurrency to include issues such as artificial intelligence and other emerging technologies, which in addition to posing risks may be exploitable by bad actors to deceive investors.

Three of the seven key areas where the CETU will specifically target fraudulent activities, include emerging technologies, are “fraud committed using emerging technologies, such as artificial intelligence and machine learning; use of social media, the dark web, or false websites to perpetrate fraud; … [and] fraud involving blockchain technology and crypto assets.” This likely signals a shift away from the previous administration’s pursuit of nonfraud registration cases concerning digital assets.

The other four key areas that the SEC intends to prioritize involve cyber-related misconduct, specifically “hacking to obtain material nonpublic information,” which can be used to facilitate illegal trading; “takeovers of retail brokerage accounts; … regulated entities’ compliance with cybersecurity rules and regulations; and “public issuer fraudulent disclosure relating to cybersecurity.”

Notably, three of these four areas focus on the conduct of cybersecurity threat actors, as opposed to the companies that fall victim to their malicious attacks. This should be a welcome improvement for public companies that viewed many of the SEC’s recent cybersecurity enforcement actions as blaming the victim and punishing companies that disclosed material cybersecurity incidents in their public filings.

Although not explicitly stated, the reference to “cybersecurity rules and regulations” likely pertains to the enforcement of the SEC cybersecurity risk management rules promulgated in 2023.[5] However, it may also signal a retreat from the prior administration’s expansive approach to cybersecurity enforcement for public companies. As we discussed last year, the Crypto Assets and Cyber Unit has sought to expand the SEC’s rules regarding internal accounting controls by including cybersecurity in that category.[6]

Clearly, numerous changes were to be anticipated with the presidential transition from President Joe Biden to President Donald Trump. The creation of the CETU may be just one of the many outcomes from this executive administration’s approach to securities regulation. As Uyeda noted during his Feb. 24 remarks at the Florida Bar’s 41st Annual Federal Securities Institute and M&A Conference, “the Commission has begun the process of returning to its narrow mission to facilitate capital formation, while protecting investors and maintaining fair, orderly, and efficient markets.”[7]

Though the SEC is significantly curtailing its enforcement regime in the crypto space, the Division of Enforcement’s cybersecurity program appears poised for the long haul. Public companies, and specifically financial institutions and technology companies, should consider the following key takeaways.

1. Implement or strengthen compliance regimes.

The CETU’s aim is to concentrate on other emerging technologies that have been shaping business. Artificial intelligence and machine learning will probably be a focus of the CETU as more agencies such as the SEC examine how these technologies affect the day-to-day experiences of American citizens.[8]

Data analytic companies, investment advisers or other SEC-regulated entities that utilize artificial intelligence as part of their stock market analysis or trading should ensure that they are implementing or updating compliance programs that incorporate the latest regulatory requirements.

2. Emphasize cybersecurity reporting and disclosure.

The new administration is maintaining its focus on addressing cyber-related misconduct. There remains a strong emphasis on ensuring that investors are well informed about cybersecurity risks and incidents concerning the companies they invest in. Additionally, the SEC has renewed its focus on targeting hackers who gain unauthorized access to material nonpublic information, which could be used to facilitate illegal trading.

Considering these priority areas, businesses would be prudent to take the following steps.

Review incident response plans and materiality assessment procedures.

Ensure that these plans and procedures align with the SEC’s rules on reporting material incidents. This includes adhering to the SEC’s May 2024 guidance on disclosing “other cybersecurity incidents” through the use of Item 8.01 on Form 8-K.[9] This provision allows companies to disclose a cybersecurity incident for which they have not yet made a materiality determination or that they determined to be nonmaterial.

Pay attention to incidents potentially affecting MNPI.

Review the processes for assessing materiality and categorizing incidents within the incident response plan. Pay particular attention to incidents that may implicate MNPI, as these could affect the materiality profile of an incident.

While the CETU’s priority areas suggest that the primary targets of enforcement actions related to unauthorized access to MNPI are the hackers themselves, companies that experience incidents involving MNPI but fail to report them, or do not report them in a timely manner, may face similar consequences.

Review prior risk factors and disclosures.

Conduct a thorough review of prior risk factors and disclosures to ensure they are up to date. For example, if a company’s SEC filings outline potential challenges and adverse conditions that could arise from a cybersecurity incident, an investor might incorrectly assume that no incident has occurred if the disclosures are not updated.

Ensuring that disclosures accurately reflect the current situation helps maintain transparency and prevents the misleading of investors about the company’s cybersecurity status.

3. Crypto-asset businesses should heed to continuous and sound legal advice.

While this administration is open to a more crypto-friendly environment, it is unclear how the SEC or the White House will approach crypto regulation. This uncertainty can prove challenging, so crypto-asset entities should still ensure that they are conducting business within the legal frameworks that currently exist.

Entities engaging in the crypto-asset business should continue to monitor their obligations under the SEC and incorporate compliance programs that promote antifraud business practices and abide by all policies and regulations.

4. Be open to regulatory harmonization.

A broader framework imposed on the CETU could signal a focus on more regulatory harmonization. Companies should take this opportunity to engage with the SEC to help shape policy surrounding regulatory oversight of these key emerging technology areas.

[1] SEC Announces Cyber and Emerging Technologies Unit to Protect Retail Investors, SEC.gov | SEC Announces Cyber and Emerging Technologies Unit to Protect Retail Investors, https://www.sec.gov/newsroom/press-releases/2025-42.

[2] SEC Nearly Doubles Size of Enforcement’s Crypto Assets and Cyber Unit, SEC.gov | SEC Nearly Doubles Size of Enforcement’s Crypto Assets and Cyber Unit, https://www.sec.gov/newsroom/press-releases/2022-78.

[3] SEC Crypto 2.0: Acting Chairman Uyeda Announces Formation of New Crypto Task Force, SEC.gov | SEC Crypto 2.0: Acting Chairman Uyeda Announces Formation of New Crypto Task Force, https://www.sec.gov/newsroom/press-releases/2025-30.

[4] Remarks at the Florida Bar’s 41st Annual Federal Securities Institute and M&A Conference, SEC.gov | Remarks at the Florida Bar’s 41st Annual Federal Securities Institute and M&A Conference, https://www.sec.gov/newsroom/speeches-statements/uyeda-remarks-florida-bar-022425.

[5] Troutman Pepper Locke, “SEC Adopts Final Cybersecurity Rules — Requires Companies to Focus on Their Security and Disclosure Plans,” https://www.troutmanfinancialservices.com/2023/07/sec-adopts-final-cybersecurity-rules-requires-companies-to-focus-on-their-security-and-disclosure-plans/.

[6] Troutman Pepper Locke, “SolarWinds Ruling Offers Cyber Incident Response Takeaways,” https://www.troutman.com/insights/solarwinds-ruling-offers-cyber-incident-response-takeaways.html.

[7] Remarks at the Florida Bar’s 41st Annual Federal Securities Institute and M&A Conference, SEC.gov | Remarks at the Florida Bar’s 41st Annual Federal Securities Institute and M&A Conference, https://www.sec.gov/newsroom/speeches-statements/uyeda-remarks-florida-bar-022425.

[8] Office of the Strategic Hub for Innovation and Financial Technology (FinHub), SEC.gov | Office of the Strategic Hub for Innovation and Financial Technology (FinHub).

[9] Securities and Exchange Commission, Commission Statement and Guidance on Public Company Cybersecurity Disclosures, Commission Statement and Guidance on Public Company Cybersecurity Disclosures, https://www.sec.gov/newsroom/speeches-statements/gerding-cybersecurity-incidents-05212024.

Just two months into President Donald Trump’s second term, contractors have been whipsawed by a flurry of executive orders, Department of Government Efficiency (DOGE) directives, and agency actions. This has brought an era of chaos, confusion, and uncertainty to the government marketplace as contractors endeavor to figure out what all of this means, day to day as they proceed with contract performance.

Companies (prime contractors, subcontractors, and supply chain vendors) under contract for federally funded construction projects have been challenged to source domestically produced iron and steel, construction materials, and manufactured products for incorporation into those projects. Now, with the imposition of tariffs on imported iron and steel products, construction materials, timber, and manufactured products (e.g., HVAC, plumbing, electrical, and communications, systems and components, textiles, furnishings, vehicles, etc.), the domestic supply chain for these products will inevitably be subject to upward price pressure. Contractors are therefore at risk of seeing their cost of performance exceed the contract price. What can they do to protect themselves from increased risk of loss stemming from these upward price pressures?

Solicitations and Contracts – Review and Understand Key Provisions

For newly issued solicitations, and before offers are submitted, consider submitting one or more questions to the agency, seeking clarification or even change to one or more contract terms and conditions. For example, if the contract type is designated as fixed price, consider asking the agency to amend the solicitation to make it a fixed price with economic adjustment type of contract, and specify adjustment based on actual labor and material costs. See FAR 16.203-1(a)(2), FAR 52.216-4.

If you have project offers under consideration, but no award has yet been announced, now would be a good time to review the solicitation terms and conditions to determine how, if at all, you can pass along to the government (or to your customer) future cost increases stemming from market pressures (e.g., supply, demand, taxes, tariffs, import duties, shortages, and such). As between you and your customer — who bears the risk of such increases? For federally funded projects, there will be a schedule of Federal Acquisition Regulation (FAR), Defense Federal Acquisition Regulation Supplement (DFARS), and other agency supplemental contract clauses that may speak to allocation of pricing risks. For multiyear contracts, it is common to include a price escalation factor from one year to the next. Before an award is announced, it may be prudent to consider submitting a revised offer in an effort to reallocate price risk. The solicitation likely will inform you as to the process for submitting a revised offer.

For contracts already awarded, look to the contract terms, conditions, and flow-down of federal contract clauses (FAR, DFARS and others, or 2 CFR 200 and agency supplements) to determine whether there is a path forward for claiming price increases stemming from tariff pressure or other market forces. Seasoned federal contractors are already familiar with the changes clauses and the disputes clause (FAR 52.243-X, and 52.233-1, respectively), both of which likely would be invoked to formally submit a request for equitable adjustment (REA) or formal claim under the Contract Disputes Act (CDA). Substantively, there may be a recovery theory rooted in FAR 52.229-3 Federal, State and Local Taxes, which allows for a price increase stemming from a post-award federal imposition of a new “duty,” no amount of which was previously factored into contractor’s offered pricing. FAR 52.229-3(c).

The contract may well include other contract clauses, terms, and conditions that directly or indirectly impact the question of whether the government or the contractor bears the risk of price increases. In these times of rapidly changing policies, carve-outs, and partial exemptions, this question should be considered early and often. The contractor should get comfortable with the possibility that it may have to formally assert its right to a price adjustment and be prepared to enforce that right as contemplated under the disputes clause.

Troutman Pepper Locke attorneys assess the evolution of California’s auto-renewal law and the impact of these amendments on businesses and consumers.

California’s Auto Renewal Law is one of the most comprehensive laws applying to businesses offering automatic renewal or continuous service subscriptions in the country. Notable changes over the past few years—including new measures going into effect in July—mean businesses need to stay alert to comply if they sell any consumer goods or services to consumers through subscription programs that automatically renew.

In July 2018, the law was amended to require online cancellation methods for consumers. Around the same time the law was amended, district attorneys across the state formed the California Automatic Renewal Task Force. According to participants in the Task Force, CART was formed to coordinate efforts to address the surge in consumer complaints around autopay and automatic subscription renewals.

Read the full article on Bloomberg Law.

In a decision that resonates with many critics of mootness fees, a U.S. district judge for the Northern District of Illinois ordered counsel for Akorn Inc. shareholders to return $332,500 in attorneys’ fees extracted from a series of what he labeled as frivolous lawsuits against the company and signaled his openness to imposing additional sanctions.[1]

The litigation underlying this decision stems from a series of lawsuits filed by Akorn shareholders after Akorn announced a merger with another company. Akorn’s shareholders filed five class actions and one individual action seeking to compel Akorn to supplement its proxy statement issued in connection with the merger, arguing it violated Section 14(a) of the Securities Exchange Act of 1934. These lawsuits were voluntarily dismissed as moot after Akorn amended its proxy statement and agreed to pay $322,500 in attorneys’ fees.

Following dismissal, another Akorn shareholder, Theodore Frank, moved to intervene to challenge the mootness fee. He argued that plaintiffs’ counsel should return the payment because the shareholder claims were frivolous. The court agreed.[2] While it denied Frank’s motion to intervene, the court ultimately reconsidered the suits and found that the disclosures at issue were not “plainly material,” as articulated by the Seventh Circuit in Walgreen.[3] Finding that the disclosures were “worthless” to the shareholders, the court exercised its inherent authority to order plaintiffs’ counsel to return the attorneys’ fees Akorn paid.

On appeal, the Seventh Circuit found that the district court did not have the inherent authority to reconsider the merger challenge and the mootness fees and that the court was wrong to deny Frank’s motion to intervene.[4] The Seventh Circuit nevertheless agreed with the district court’s reasoning and determined that its reference to “inherent authority” should have been to the Private Securities Litigation Reform Act, §78u–4(c)(1) (the PSLRA), and Rule 11,[5] which supply a mechanism for review of the underlying merit of a federal securities claim. The Seventh Circuit explained that these mechanisms incorporate the “plainly material” standard articulated in the Walgreen case. Accordingly, the Seventh Circuit remanded the case to the district court to conduct a proper proceeding under §78u–4(c)(1) and Rule 11.

Consistent with its prior holding, the district court found that none of the disclosures sought by the shareholders were “plainly material.” Consequently, the court found the claims to be frivolous in violation of Rule 11 and, thus, sanctionable. As a result, the court affirmed its order that the mootness fees should be returned as a sanction.

The court also considered the additional sanctions Frank suggested, including (1) requiring all signing plaintiffs’ counsel and their firms to disclose and cite the finding, along with the Alcarez opinion, in any future lawsuits or demand letters concerning corporate merger transactions, including tender offers; (2) requiring counsel to disclose retention agreements with the plaintiffs; (3) requiring counsel to disclose all purported mootness fees extracted by them in similar suits and demand letters; and (4) imposing monetary penalties. While the court rejected the fourth suggestion to impose further monetary sanctions, it noted that it is inclined to order the first three suggestions and requested further briefing on their propriety.

This decision serves as a reminder of the judiciary’s increasing vigilance against frivolous corporate merger-related lawsuits and the improper extraction of mootness fees. By mandating the return of $332,500 in attorneys’ fees and contemplating additional sanctions, the court has underscored the necessity for plaintiffs’ attorneys to ensure that their claims are justified before filing a complaint.

[1] See Berg, et al. v. Akorn, Inc., No. 17 C 5016, 2025 WL 755704 (N.D. Ill. Mar. 10, 2025).

[2] See House v. Akorn, Inc., 385 F. Supp. 3d 616, 623 (N.D. Ill. 2019).

[3] See In re Walgreen Co. Stockholder Litig., 832 F.3d 718, 725 (7th Cir. 2016).

[4] See Alcarez v. Akorn, Inc., 99 F.4th 368, 375 (7th Cir. 2024).

[5] The PSLRA provides that in “any private action arising under this chapter, upon final adjudication of the action, the court shall include in the record specific findings regarding compliance by each party and each attorney representing any party with each requirement of Rule 11(b) of the Federal Rules of Civil Procedure as to any complaint, responsive pleading, or dispositive motion.” 15 U.S.C. §78u–4(c)(1).