Regulatory Oversight Blog

Make sure to visit Troutman Pepper Locke’s Regulatory Oversight blog to receive the most up-to-date information on regulatory actions and subscribe to our mailing list to receive a monthly digest.

Regulatory Oversight will provide in-depth analysis into regulatory actions by various state and federal authorities, including state attorneys general and other state administrative agencies, the Consumer Financial Protection Bureau (CFPB) and the Federal Trade Commission (FTC). Contributors to the blog will include attorneys with multiple specialties, including regulatory enforcement, litigation, and compliance.

Troutman Pepper Locke

Troutman Pepper Locke Officially Launches

Law Firm Grows to More Than 1,600 Attorneys Across 33 Offices, Enhancing Capabilities and Expanding Reach for Clients

Troutman Pepper and Locke Lord have merged to form Troutman Pepper Locke LLP, a law firm with more than 1,600 attorneys across 33 offices in the United States and Europe.

Read More

Podcast Updates

The 12 Days of Regulatory Insights

We are excited to share the complete special holiday series, “The 12 Days of Regulatory Insights,” as part of our Regulatory Oversight podcast. This 12-part series covers a variety of critical regulatory topics, offering concise and insightful discussions from members of our Regulatory Investigations, Strategy + Enforcement practice group and State Attorneys General team. The series also includes guest commentary from several esteemed colleagues across various areas of the firm.

The complete 12 Days of Regulatory Insights series:

What Financial Services Companies Need to Know in a Second Trump Administration

By Stephen C. PiepgrassJames StevensChris WillisMark Furletti, and Jesse Silverman

In this episode of The Consumer Finance Podcast, host Chris Willis, co-leader of Troutman Pepper’s Consumer Financial Services Regulatory practice, is joined by colleagues Mark Furletti, Stephen Piepgrass, Jesse Silverman, and James Stevens. Together, they delve into the anticipated regulatory landscape and legal needs for financial services companies under the upcoming Trump administration. The discussion covers the potential resurgence of new financial products, the impact on M&A activity, the role of state attorneys general, and the future of bank-fintech partnerships. Tune in to gain insights on how to strategically navigate the evolving regulatory environment and leverage opportunities in the financial sector.

Read More

NAAG Updates

Leadership Changes at NAAG

By Troutman Pepper Locke State Attorneys General Team

The National Association of Attorneys General (NAAG) recently held its annual Capital Forum in Washington, D.C., where noteworthy leadership changes were announced. This year’s forum marked the transition of leadership within the organization, reflecting its ongoing commitment to addressing important issues through bipartisan collaboration.

Read More

FTC Updates

Bipartisan FTC Rule Bans Junk Fees for Live-Event Tickets and Short-Term Lodging

By Clayton FriedmanNamrata Kang, and Natalia Jacobo

Warnings of an impending regulatory focus on hidden and junk fees materialized following President Joe Biden’s call to Congress during his 2023 State of the Union address to eliminate them. On December 17, the Federal Trade Commission (FTC) announced its final rule, Trade Regulation rule on Unfair or Deceptive Fees (Junk Fees Rule), which bans junk fees associated with live-event ticket and short-term lodging (hotels and vacation rentals). By focusing exclusively on the live-event ticket and short-term lodging sectors, the rule is notably narrower in scope than the originally proposed rule from October 2023, which targeted junk and hidden fees across all industries nationwide.

Read More

Cyber Updates

The Supreme Court of Virginia Provides Needed Cybercrime Guidance

By Gene Fishel and Stephen Sovinsky

On November 21, the Supreme Court of Virginia entered a published order reversing a 14-3 en banc decision of the Court of Appeals of Virginia addressing the applicability of Virginia’s criminal laws regulating cybercrime. The decision in Commonwealth v. Wallace is the latest example of courts testing regulatory reach in the cybercrime arena.

Read More

Movie Theater Data Breach Leads to Settlement and Class Action Lawsuits

By Troutman Pepper Locke State Attorneys General TeamNick Gouverneur, and Karla Ballesteros

New York Attorney General (AG) Letitia James and global movie theater operator National Amusements, Inc. (National) settled a lawsuit stemming from a 2022 data breach reported by National, which affected 82,128 National employees. As part of its settlement, National agreed to pay $250,000 in penalties to the state and to “improve existing cybersecurity infrastructure to prevent future data breaches.”

Read More

Antitrust Updates

Two Courts Block Kroger-Albertsons Merger

By Barbara Sicalides and Julian Weiss

Within hours of each other, an Oregon federal district court followed by a Washington state court enjoined the $24.6 billion merger of the Kroger and Albertsons grocery chains. The Oregon court adopted the controversial 2023 Merger Guidelines’ market concentration presumption and largely accepted the Federal Trade Commission’s (FTC) and its expert’s arguments for a narrow grocery market. In a loss for the FTC, the Oregon court declined to find that the proposed transaction was likely to substantially harm competition in the labor market alleged.

Read More

Other State AG Updates

Eighteen State AGs and DeFi Education Fund Sue SEC for Approach to Digital Asset Regulation

By Troutman Pepper Locke State Attorneys General Team

On November 14, a coalition of 18 states, led by Utah Attorney General (AG) Sean Reyes, the outgoing chairman of the Republican AGs Association, filed a lawsuit against the U.S. Securities and Exchange Commission (SEC) and its chair, Gary Gensler. DeFi Education Fund, a 501(c)(3) nonprofit organization, also joined the states in this legal action. The lawsuit, filed in the U.S. District Court for the Eastern District of Kentucky, challenges the SEC’s regulatory approach toward digital assets, asserting that the agency has overstepped its authority and infringed upon state sovereignty.

Read More

AGs Take Action Regarding Claims of Medicaid Fraud

By Troutman Pepper Locke State Attorneys General Team and Nick Gouverneur

This month, two attorneys general (AGs) have settled False Claims Act investigations with two separate companies in the health care industry. Both settlements were notable in their own right.

Read More

Connecticut AG Reaches $2M Settlement With Pike Fuels Over Environmental Protection Claims

By Troutman Pepper Locke State Attorneys General Team

Connecticut Attorney General (AG) William Tong announced a $2 million settlement with Pike Fuels to resolve allegations that the company violated Connecticut environmental protection laws by, among other things, falsifying monthly leak inspection records for a New Haven petroleum distribution facility.Read More

Tobacco Updates

Opportunities for the Trump Administration to Step Up Enforcement Against Unauthorized ENDS

By Bryan HaynesAgustin Rodriguez, and Zie Alere

Throughout 2024, the U.S. Food and Drug Administration (FDA) endeavored to curb sales of unauthorized electronic nicotine delivery systems (ENDS) in the U.S. In light of persistent demand for flavored ENDS — nearly all of which are unauthorized — there is little evidence that these enforcement efforts have reduced illicit sales. Indeed, some observers estimate that flavored ENDS account for more than 80% of all ENDS sales. With a new administration on the horizon, our team highlights two opportunities for FDA to step up its enforcement efforts: (1) focusing enforcement on imports and (2) authorizing premarket tobacco product applications (PMTAs) for flavored products.

Read More

Cannabis Updates

Getting Into the Weeds on Marijuana Excise Taxes: Trends and Outliers in the Largest Markets

By Jean Smith-Gonnell and Zie Alere

State and federal excise taxes are a critical element of the business environment for major “vice” industries in the United States, such as tobacco. While no federal excise tax applies to marijuana, state excise taxes (SET) are a significant economic consideration for the recreational marijuana industry in a given state.

Read More

Potential State-Centric Marijuana Policy in the 119th Congress

By Jean Smith-Gonnell and Zie Alere

With power changing hands in Washington, D.C., what can marijuana industry members expect from the 119th Congress? Two GOP proposals from the 118th Congress may foreshadow the likely path for federal marijuana legalization. These bills — the “States Reform Act of 2023” and the “Strengthening the Tenth Amendment Through Entrusting States (STATES) 2.0 Act” —would explicitly support states’ legal marijuana regimes, while leaving states with the ultimate decision of whether to establish such regimes.

Read More

Colorado Hemp Company Settles With AG Over Alleged Violations of Consumer Protection Law

By Nick RamosTroutman Pepper Locke State Attorneys General Team, and Jean Smith-Gonnell

The Colorado Attorney General’s (AG) Office recently entered into a settlement agreement with Bee’s Knees Enterprises, LLC, dba Bee’s Knees CBDs, addressing allegations of violations of the Colorado Consumer Protection Act (CCPA). The CCPA generally prohibits deceptive trade practices, including false representations or advertising, and allows for public or private enforcement and civil penalties. The settlement agreement resolves claims against Bee’s Knees without admitting liability.

Read More

Stephanie Kozol, Senior Government Relations Manager – State Attorneys General, also contributed to this newsletter.

Our Cannabis Practice provides advice on issues related to applicable federal and state law. Marijuana remains an illegal controlled substance under federal law.

On December 18, 2024, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued General License (GL) 1B (Authorizing Certain Activities Involving Federal State Budgetary Institution Marine Rescue Service) and GL 115 (Authorizing Transactions Involving Gazprombank Related to Civil Nuclear Energy) related to the Russian Harmful Foreign Activities Sanctions Regulations, 31 CFR part 587 (RuHSR). OFAC simultaneously issued one amended Russia-related Frequently Asked Question (FAQ) 894 and related FAQ 1203.

Subsequently, on December 27, 2024, OFAC issued GL 116 (Authorizing Transactions Involving Entities Owned by Bidzina Ivanishvili) related to RuHSR and a related FAQ 1204.

GLs

OFAC amended GL 1A to GL 1B, which authorizes transactions with the Russian Federal State Budgetary Institution Marine Rescue Service (MRS) and entities more than 50% owned by MRS that are otherwise prohibited under Executive Order (EO) 14039 and EO 14024, or the Protecting Europe’s Energy Security Act (PEESA). These authorizations specifically exclude the construction of the Nord Stream 2, TurkStream, or any successor projects thereof.

GL 1B, issued after MRS was designated as a Specially Designated National (SDN) under EO 14024, specifically excludes any:

  1. Transactions involving vessels on OFAC’s List of Specially Designated Nationals and Blocked Persons (SDN List) as blocked property of MRS, including vessels identified as blocked property of any entity in which MRS owns, directly or indirectly, a 50% or greater interest;

  2. Transactions prohibited by Directive 2 of EO 14024 (Prohibitions Related to Correspondent or Payable-Through Accounts and Processing of Transactions Involving Certain Foreign Financial Institutions) or Directive 4 of EO 14024 (Prohibitions Related to Transactions Involving the Central Bank of the Russian Federation, the National Wealth Fund of the Russian Federation, and the Ministry of Finance of the Russian Federation);

  3. Activities prohibited under PEESA, otherwise prohibited by the RuHSR, or other U.S. regulations or executive orders; or

  4. Transactions involving any blocked persons not explicitly covered by this GL.

GL 115 authorizes U.S. persons, through June 30, 2025, to engage in transactions involving Gazprombank Joint Stock Company (Gazprombank) and its majority-owned subsidiaries related to civil nuclear energy projects initiated before November 21, 2024. However, the license specifically prohibits any:

  1. Transactions related to the Paks II nuclear power plant project or its successors;

  2. Transactions prohibited by Directive 2 under EO 14024;

  3. Debits to accounts held at U.S. financial institutions for Russia’s Central Bank, National Wealth Fund, or Ministry of Finance; or

  4. Transactions otherwise prohibited by the RuHSR or involving blocked persons not specifically covered by the license unless separately authorized.

On December 27, 2024, OFAC designated former Georgian Prime Minister Bidzina Ivanishvili (Ivanishvili) as a SDN under EO 14024. GL 116 authorizes transactions with entities blocked solely due to Ivanishvili’s ownership interest, provided such entities are not separately listed on OFAC’s SDN List. However, GL 116 excludes:

  1. Transactions prohibited by Directive 2 under EO 14024;

  2. Transactions prohibited by Directive 4 under EO 14024;

  3. Transactions related to the Singapore Court of Appeal case Credit Suisse Trust Ltd v. Ivanishvili, Bidzina and others [2024] SGCA(I) 5 and Civil Appeal No. 10 of 2023, including related proceedings, enforcement of judgments or settlements, and associated payments or asset transfers; and

  4. Transactions otherwise prohibited by the RuHSR, including those involving blocked persons not covered by the license, unless separately authorized.

FAQs

FAQ 894 – GL 1B authorizes U.S. persons to engage in certain transactions involving the MRS and its majority-owned entities, provided they are not related to the Nord Stream 2, TurkStream, or successor pipeline projects. However, GL 1B does not permit transactions involving vessels designated as blocked property of MRS or its affiliates on the SDN List.

FAQ 1203 – Permitted activities under GL 115 include uranium production and processing, nuclear fuel and waste management, and the operation of civil nuclear projects. However, GL 115 excludes transactions related to new nuclear power plants after November 21, 2024, and the Paks II nuclear power plant project. Non-U.S. persons are not generally at risk of U.S. sanctions for similar transactions, so long as a U.S. person would not require a license.

FAQ 1204 – While transactions involving Ivanishvili are prohibited, GL 116 allows U.S. persons to engage in transactions with entities majority-owned by Ivanishvili, provided those entities are not on the SDN List. Non-U.S. persons can also engage in these transactions without sanctions risk. However, U.S. persons remain prohibited from transacting directly with Ivanishvili unless specifically authorized, and GL 116 excludes certain transactions, such as those related to the Singapore Court of Appeal Case and related proceedings.

Conclusion

As the Biden administration concludes and President Trump prepares to take office, the future of U.S. sanctions on Russia remains uncertain. Clients should closely monitor policy changes under the new administration, as a shift in enforcement priorities or additional sanctions relief could significantly impact compliance obligations and business operations.

To remain compliant, companies should review and update their sanctions screening processes, ensuring they account for recent SDN designations and GL conditions and evaluate their risk exposure to Russian entities and individuals, particularly those with complex ownership structures or links to SDNs.

This paper is intended as a guide only and is not a substitute for specific legal or ‎tax advice. ‎‎‎‎Please ‎‎reach out to the author for any specific questions. We expect ‎to continue to monitor the ‎‎‎‎topics ‎‎addressed in this paper and provide future ‎client updates when useful.‎

In the rapidly evolving data center industry, efficiency, scalability, and sustainability are paramount. As the demand for data processing power continues to surge, driven mainly by AI, traditional cooling methods are being stretched to their limits. Enter liquid cooling technology — a game-changer that promises to reshape the landscape of data center operations.

What Is Liquid Cooling?

Liquid cooling refers to the use of liquid as a coolant to dissipate heat generated by servers and other IT equipment. Unlike conventional air cooling, which relies on fans to circulate air, liquid cooling systems utilize liquids — often water or specialized coolant mixtures — to absorb and transfer heat away from critical components.

Advantages of Liquid Cooling

There are many advantages to using liquid cooling solutions over traditional air cooling. These include:

  • Efficiency and Reduced Energy Consumption: Liquid cooling systems can achieve much lower temperature levels than air cooling. This efficiency translates to better performance and can lead to substantial energy savings for operators and end-users. Traditional air cooling requires significant power to operate fans and air conditioning units. Liquid cooling systems consume less energy, contributing to lower operational costs and a smaller carbon footprint.

  • Enhanced Performance: As processors become more powerful, they generate more heat. Liquid cooling can keep temperatures stable under heavy loads, ensuring that performance doesn’t degrade due to “thermal throttling.”

  • Space Optimization: With the ability to cool more effectively, data centers can pack more servers into a smaller footprint. This density reduces the physical space required for data center operations, allowing for more efficient use of real estate.

  • Sustainability: As organizations strive to meet environmental, social, and corporate governance (ESG) goals, liquid cooling presents an environmentally friendly alternative. By lowering energy consumption and improving cooling efficiency, data centers can significantly reduce their overall environmental impact.

Implications of Liquid Cooling on Data Center Leases and Services Agreements

As liquid cooling technology becomes increasingly adopted in data centers around the world, it will inevitably influence the structure and content of data center leases and services agreements. Developers, operators, and customers will need to consider the drafting of several key provisions to ensure that the unique requirements and benefits of liquid cooling are adequately addressed in legal agreements:

  1. Cooling Infrastructure Specification
    Leases should include a detailed specification regarding the cooling infrastructure. This includes: (1) type of cooling systems – clearly outline the type of cooling systems implemented, whether it’s direct-to-chip, immersion, or chilled liquid cooling; and (2) maintenance responsibilities –define who is responsible for the maintenance and operation of the cooling systems, including any specialized training or expertise required.

  2. Power and Energy Efficiency Clauses
    Given that liquid cooling can greatly reduce energy consumption, it’s important to include provisions that address: (1) energy performance metrics – leases may introduce performance metrics related to energy usage effectiveness (PUE) and other efficiency benchmarks, incentivizing customers to optimize their operations; and (2) utility costs – clearly define how energy costs will be allocated, especially if liquid cooling systems lead to reduced energy expenses.

  3. Space Utilization and Density Specifications
    Liquid cooling allows for higher server density, which may require: (1) space allocation clauses – leases should address how much space will be allocated for cooling systems versus server racks, ensuring that both parties understand the implications for physical layout; and (2) expansion rights – given the potential for increased density, clauses that allow for future expansion or reconfiguration of space may be necessary.

  4. Environmental and Sustainability Goals
    As organizations increasingly focus on sustainability, leases might include: (1) sustainability commitments – provisions that commit operators to provide infrastructure that supports sustainability initiatives, such as high-efficiency cooling systems or renewable energy sources; and (2) reporting requirements – provisions for regular reporting on energy consumption and environmental impact, allowing customers to meet their corporate ESG goals.

  5. Local Water Supply
    Liquid cooling can put a burden on the local water supply. Due diligence is performed to determine the amount of water that can be supplied to the data center facility, and agreements with the local water authority for the supply and reservation of water are required. Often additional infrastructure is needed requiring development agreements with the water authority. In order to address the burden on the water supply and to reduce water consumption costs, developers or users of data centers may partner with the water authority to develop reclaimed water systems.

  6. Insurance and Liability Provisions
    The introduction of liquid cooling systems can introduce new risks and require: (1) insurance coverage – leases should specify insurance requirements for potential risks associated with liquid cooling, such as leaks or equipment failure; and (2) liability clauses – clearly define liability in the event of cooling system failures, including damage to equipment or loss of data.

  7. Compliance and Regulatory Considerations
    As data regulations evolve, it is essential to include clauses that address: (1) regulatory compliance – ensure that cooling systems comply with local and national regulations regarding safety, energy efficiency, and environmental standards; and (2) adaptability – allow flexibility for future technological advancements or regulatory changes that may impact cooling requirements.

  8. Exit Strategies and Decommissioning
    Finally, leases should address the end-of-term implications: (1) decommissioning responsibilities – define responsibilities for decommissioning liquid cooling systems, including safe disposal of fluids and equipment; and (2) reinstatement obligations – specify conditions under which the premises must be returned, considering the state of the cooling infrastructure.

As liquid cooling technology continues to gain traction in data centers, the implications for leases and similar agreements will be significant. By proactively addressing the unique requirements and benefits of liquid cooling through carefully drafted provisions, both operators and customers can create agreements that support efficient, sustainable, and scalable data center operations. This foresight will not only facilitate smoother operations but also foster a collaborative partnership that adapts to the evolving needs of the industry.

David Kupetz, a partner in Troutman Pepper Locke’s Los Angeles office, authored the 2025 edition of the Collier Handbook for Creditors’ Committees published by LexisNexis.

The newest edition contains all the practical guidance and legal analysis members of a committee and committee counsel need for participation in the debtor’s reorganization, with forms, sample documents, and more. The handbook has been fully updated to reflect the latest changes in the law and contains the latest advice, analysis, and case law on all aspects of creditors’ committees in Chapter 11 cases, out-of-court workouts, Chapter 7 liquidation cases, and Chapter 9 municipal debt adjustment cases.

Read a portion of the handbook here and here for the full handbook (subscription required).

Troutman Pepper Locke’s Erin Whaley, Tammy Woffenden, and Paul Mahoney recently authored a Reuters Legal News article, “At JP Morgan Conference, Health Care Investors Gear Up for Transformative Legal Developments,” where they discuss upcoming regulatory considerations and market trends they expect to be top of mind for investors at the conference and going into 2025.

Once a company files for Chapter 11 bankruptcy, it must sort through a myriad of potential issues and transition into operating as a business subject to the Bankruptcy Code. Through various “First-Day Motions,” a debtor will seek immediate relief to avoid a complete shutdown of the company’s operations and reduce the administrative burdens associated with bankruptcy.

This article discusses the different First-Day Motions, their role in a Chapter 11 bankruptcy, and how such motions can affect creditors and their rights. To access this article and read other insights from our Creditor’s Rights Toolkit, please click here.

On January 6, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published significant proposed amendments (proposed rule) to the Security Rule under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Key drivers for the proposed rule include the dramatic increase in cyberattacks, including ransomware, the rapid adoption of cloud computing, mobile devices, and other technologies, and inconsistent compliance with the existing Security Rule identified by the OCR’s investigations.

The proposed rule introduces changes that will modernize the Security Rule, including certain technical aspects (e.g., patching, encryption, multifactor authentication, penetration testing), as well as training and awareness regarding social engineering to help address and mitigate against common breach issues. However, the inventory, mapping, assessment, analysis, testing, audit, and verification requirements may be burdensome and challenging to achieve and maintain for entities that do not have the ability to draw on readily available resources. We also note that the OCR’s cost estimates for these initiatives (Tables 6 and 7) could be significantly understated.

For example, the proposed rule would require regulated entities to:

  • Maintain an accurate and thorough inventory of their technology assets and create a network map of their electronic information systems, which must be updated at least every 12 months.

  • Conduct and document an annual audit of compliance with each standard and implementation specification of the Security Rule (in addition to the annual risk analysis).

  • Conduct vulnerability scanning at least every six months and penetration testing at least every 12 months.

  • Verify business associate/subcontractor technical safeguards at least every 12 months as part of the business associate agreement contracting process, including a written analysis of the business associate’s information systems and certification by an authorized person at the business associate.

  • Establish and implement a written contingency plan that includes procedures for data backups, disaster recovery, and emergency mode operations. Notably, disaster recovery plans must now set forth a procedure for restoring critical systems within 72 hours of a loss.

For organizations that have self-funded health benefit plans, note that the proposed rule will require Security Rule compliance by any plan sponsor that receives ePHI from a group health plan beyond summary health information for premium bids or to modify, amend, or terminate the group health plan, enrollment/disenrollment information, or ePHI pursuant to an authorization.

The proposed rule includes a transition period to allow regulated entities time to comply with the new requirements. Entities will be expected to comply with the new requirements within 180 days of the effective date of the final rule. Entities will also have additional time to update their business associate agreements, which will be by the earlier of the contract renewal date or within one year of the final rule’s effective date. Public comments on the proposed rule are due within 60 days of its publication in the Federal Register on January 6.

At this point, we suggest that stakeholders analyze how the potential changes may generally impact their organization and existing HIPAA programs, develop a plan for allocating resources to achieve and manage the potential ongoing compliance obligations, and closely monitor the progress of, and any changes to, the proposed rule.

The Troutman Pepper Locke team is ready to assist with your HIPAA, privacy, cybersecurity, and compliance needs. We will keep you up to date on any updates surrounding the proposed rule. Please contact Brent Hoard at brent.hoard@troutman.com or Emma Trivax at emma.trivax@troutman.com for more information or if you are interested in submitting a public comment to the proposed rule.

This article was republished in The Fashion Law on January 24, 2025 and Thomas Reuters’ The Licensing Journal on February 1, 2025.

Conventional notions of trademark law suggest that emulating a popular product or service carries certain legal risks. However, a recent federal ruling highlights the complexities of trademark infringement cases involving “dupe” products, and shows there may be a greater tolerance for mimicry in some industries.

In December, a California federal judge ruled that e.l.f. Cosmetics’ (ELF) “Lash ‘N Roll” mascara product did not infringe on the trademark or trade dress of Benefit Cosmetics’ (Benefit) “Roller Lash” mascara and “Hook ‘N’ Roll” applicator brush, despite ELF’s admission that it took cues from Benefit’s mascara when developing its product.

“Dupes” — products that mimic the appearance and function of popular items — are particularly prevalent in the cosmetic industry, where high-end products can be expensive and less accessible to some consumers. This case serves as a reminder that dupe products walk a fine line, and the scale can tip either way based on the facts and circumstances of a particular trademark infringement case.

Case Overview

The dispute centers around the Roller Lash mascara product owned by premier beauty brand Benefit. Benefit is known for its catchy and often retro-styled branding. Roller Lash, marketed to curl and lift lashes, includes an applicator known as a “Hook ‘N’ Roll” brush. Roller Lash mascara (including the applicator brush) has achieved more than $278 million in revenue from U.S. sales since its release in 2015.

Benefit sued ELF for trademark and trade dress infringement following ELF’s release of its own curling mascara known as Lash ‘N Roll in 2022. Among its claims, Benefit asserted that Elf sought to capitalize on Benefit’s success by copying the Benefit products’ “name, packaging, and marketing wholesale.” ELF admitted to releasing the product as a nod to the popular Benefit product, although the Lash ‘N Roll wordmark also aligns with ELF’s music-inspired mascara line, which includes products like “Lash Beats” and “Lash It Loud.”

[1]

Despite ELF’s admission that it intended to closely mimic the Benefit mascara product,[2] the court found that there was no likelihood of confusion to warrant a finding of trademark infringement, concluding “Benefit has not shown that Lash ‘N Roll, while it is a ‘dupe’ of Roller Lash, actually dupes any consumers.”

Some of the court’s most significant findings with respect to Benefit’s trademark and trade dress infringement claims include:

  • The products have distinguishable secondary packaging: While the court acknowledged that Benefit’s trade dress had commercial strength and that the primary packaging was similar, it ultimately focused on ELF’s distinguishable secondary packaging, which prominently features its house mark and has design elements to distinguish it from Benefit’s product.
  • Benefit failed to take steps to establish actual confusion: Benefit did not provide sufficient evidence of actual consumer confusion, despite the products co-existing for two years. Benefit also did not conduct any study or survey to support actual consumer confusion, though the court noted that it had the resources to do so. The court explicitly stated that this inaction necessitated a negative finding against Benefit for this factor.
  • Beauty consumers exercise a high degree of care: Benefit argued that most beauty purchasers are impulse buyers who do not exercise a high degree of care when making a purchase, increasing the likelihood of confusion. The court did not agree, pointing out that Benefit’s marketing tactics and efforts reflect the value of brand awareness and that beauty consumers are sophisticated purchasers. The court also cited that the significant price difference between products ($6 versus $29) would immediately catch a consumer’s attention.
  • The products are sold and marketed through different channels: The court determined that Benefit is considered a “prestige” beauty company that sells its products in department and specialty beauty stores (e.g., Sephora and Ulta). ELF is what the court described as “a mass company,” that sells products in big-box and drug stores. Even where there is marketing overlap — such as Target and Ulta — the products are segregated, with prestige brands like Benefit cordoned off in a different section from mass cosmetic products. The court found that this factor makes it less likely for there to be confusion between the products.
  • ELF did not intend to deceive the consumer. Despite ELF’s acknowledgement that it intended to mimic Benefit’s product, the court determined there was no intent to deceive the consumer as to the product’s origins. Instead, the court concluded that ELF intended to offer customers a less expensive alternative to Benefit’s popular curling mascara product. ELF also demonstrated that it created the product consistent with its own broader musical theme branding, independent of its intent to cue to Roller Lash.

Key Takeaways

Here are some key takeaways from the case to consider going forward:

1. Cue to other products with caution. Businesses should not interpret this ruling as open season on popular brands and products and start making dupe products of their own without first conducting a legal evaluation. This case involved a delicate balance of multiple factors and considerations that tipped the scale in ELF’s favor.

Each industry, market, brand, and product or service is unique and could result in a different outcome. If your organization wishes to make a nod to another product or service, it’s essential to consult with an experienced intellectual property attorney to assess legal risk.

2. Product similarity does not always equal a slam dunk infringement claim. Products with the same purpose can look remarkably similar, but if there is no likelihood of confusion, there are no grounds for trademark or trade dress infringement. In this case, Benefit’s lack of any evidence of actual confusion and its lack of any studies or surveys evidencing the likelihood of confusion worked against it. In addition, Benefit focused on the similarities of the products’ primary packaging, not considering the packaging as a whole, including the products’ distinguishable secondary packaging.

When pursuing trademark or trade dress infringement claims against another party for a dupe product, don’t assume perceived similarities will automatically result in a finding of likelihood of confusion. Before proceeding with litigation, potential plaintiffs should evaluate whether there’s evidence of actual consumer confusion and, to the extent necessary, conduct consumer surveys for additional evidentiary support. It’s also important to take into account the entirety of the trade dress, including both primary and secondary packaging.

3. Does an intent to copy create risk of punitive damages? While this case opinion notes that intent to copy,[3] but not deceive, can be a neutral or favorable factor in finding a low likelihood of confusion, it may backfire when it comes to damages. For example, if a court finds a likelihood of confusion after balancing all the relevant factors, an organization’s “intent to copy” could potentially become an unfavorable factor in determining punitive damages under state law. For example, punitive damages can potentially be triggered in states like California when there is willful or malicious conduct.

[1] Benefit Cosmetics LLC v. E.L.F. Cosmetics, Inc., No. 3:23-cv-00861, Dkt No. 1, at 6.

[2] Benefit contended that Lash N’ Roll infringed on both its Roller Lash and Hook ‘N’ Roll word marks individually. However, the court’s discussion predominately focused on Roller Lash, noting that Lash ‘N’ Roll only appears on the side and back of secondary packaging for Roller Lash, with smaller font than Benefit’s house mark or Roller Lash word mark.

[3] The court also noted that ELF’s intent to “cue” was not quite an intent to “copy.”

Last quarter, our attorneys had the privilege of attending three prominent health care conferences, each of which offered a wealth of knowledge and insights into the current and future landscape of the health care industry. Our conference tour included:

Two major themes appeared universally at all three conferences: the legal challenges associated with of the rise of artificial intelligence (AI) and the heightened government enforcement activities in the health care space.

AI: The Future of Health Care

AI emerged as a central topic of interest and concern across all the conferences. The discussions underscored AI’s transformative potential in various aspects of health care, from data procurement and tracking technologies to innovative patient care solutions. However, the use of AI is not without potentially significant risks to those operating in the health care industry.

  1. Patchwork State Laws Complicate AI Compliance: One of the primary areas of concern is the evolving regulation of AI in health care. As AI technologies become more integrated into health care systems and the provision of patient care, health care organizations and AI vendors are facing greater compliance challenges. State regulation of AI is on the rise, requiring AI vendors and users to comply with a patchwork of state law requirements that are constantly changing and not uniformly consistent across jurisdictions. Until there is a cohesive federal framework in place, health care organizations and AI vendors must continually track new state legislation and consider how compliance standards may vary across state lines.

  2. Responsible AI Use Is a Top Priority: Legal considerations related to data ownership, consent, and the ethical use of patient information are top of mind going into 2025. AI’s ability to handle vast amounts of data efficiently is revolutionizing data procurement and tracking. Advanced algorithms can analyze patient data to identify trends, predict outcomes, and personalize treatment plans. However, providers must still ensure that AI is merely being used as a tool, and is not replacing independent medical judgment, in addition to complying with state medical board requirements for AI tools and the practice of medicine. This often requires a provider to review AI recommendations before they are implemented and/or make their way to the patient or into their chart.

    Additionally, there is growing concern about what AI means for patients’ protected health information (PHI) and whether it will remain secure amidst technological advancements. To address these security challenges, organizations must implement comprehensive safeguards and controls. This includes securing data pipelines, maintaining robust digital certificates to ensure data authenticity, and adhering to frameworks like the EU AI Act and NIST (National Institute of Standards and Technology) guidelines, which provide structured approaches to AI governance based on risk stratification.

  3. Innovation in Patient Care vs. Risk Mitigation: Health care organizations must continue to balance the risks and rewards of AI use in patient care. AI is driving innovation by enabling more accurate diagnoses, personalized treatment plans, and improved patient monitoring. From AI-powered diagnostic tools to robotic surgery, the potential applications are vast and varied. The challenge lies primarily in integrating these technologies into existing health care frameworks while ensuring they enhance, rather than replace, human expertise.

    Overall, safe and effective AI governance requires a multidisciplinary approach involving clinicians, legal, IT, security, and business stakeholders. Training and awareness programs are crucial to ensure that all team members understand the regulatory landscape and know how to handle AI-related issues. By fostering a culture of risk awareness and implementing thorough data protection measures, health care organizations can harness the benefits of AI while mitigating associated risks.

Enforcement: A Focus on Compliance and Quality of Care

Government enforcement agencies are intensifying their scrutiny of various aspects of the health care industry. Key areas of focus include:

  1. Medicare Advantage: Medicare Advantage Organizations (MAOs) should prepare for continued scrutiny from the Office of Inspector General (OIG) and Department of Justice (DOJ) in 2025. This focus is consistent with DOJ enforcement efforts demonstrated throughout 2023 and 2024 in the Medicare Advantage space — particularly with respect to capitated payment fraud and abuse. Capitated payments are fixed monthly payments that MAOs receive (typically from Centers for Medicare & Medicaid Services (CMS)) for each enrollee’s health benefits, which are often adjusted for each enrollee based on a variety of health factors.

    Enforcement agencies are aiming to root out harmful MAO strategies that may limit enrollees’ access to care — such as denying authorization or payment for services — in order retain a larger share of the fixed payment. The government will also continue to scrutinize how MAOs are reporting enrollee health conditions to ensure MAOs are not incorrectly submitting diagnosis codes in order to increase enrollees’ risk adjusted payments. In addition, on December 11, the OIG released a Special Fraud Alert warning about the fraud and abuse risks in marketing arrangements related to MA plan enrollment.

  2. Pharmaceutical Pricing: Enforcement agencies also continue to scrutinize drug pricing practices to promote pricing fairness and transparency. This includes investigating potential price gouging and pricing strategies that could exploit vulnerable populations. Enforcement agencies are also assessing patient assistance programs that subsidize patients’ out-of-pocket costs and how such programs may contribute to increased costs for Medicare.

  3. Nursing Home/LTC Compliance: Long-term care facilities should also be prepared for continued government enforcement focus on quality-of-care initiatives. With facilities already preparing to implement compliance measures related to CMS’s new staffing mandates, the OIG has now released its Industry Segment-Specific Compliance Program Guidance (ICPG) for nursing homes. The nursing home-specific ICPG underscores the government’s continued focus on improving quality of care in long-term care facilities. This guidance is designed to assist nursing homes in developing and implementing effective compliance programs aimed at enhancing care quality and preventing fraud and abuse, and likewise serves as a guidepost of sorts for what government enforcement agencies will expect to see when conducting compliance-related investigations. Among other things, the ICPG stresses the necessity of comprehensive compliance programs that address quality of care, billing practices, and other vital areas.

Conclusion

The conferences provided a comprehensive overview of the current trends and challenges in the health care industry. As the industry continues to evolve, staying informed and adaptable will be key to navigating these legal developments and delivering of high-quality, compliant, and innovative patient care.

Our team published new content and podcasts to the Consumer Financial Services Law Monitor throughout the month of December. To catch up on posts and podcasts you may have missed, click on the links below:

Banking

CFPB Releases Semiannual Regulatory Agenda Amid House Financial Services Committee Leaders’ Calls to Halt Rulemaking

NCUA Issues Guidance to Federal Credit Unions on Overdraft and NSF Fee Practices

OCC Releases Updated UDAAP Supervision and Examination Procedures Booklet

Consumer Financial Services

October 2024 Consumer Litigation Filings: Everything Up

September 2024 Consumer Litigation Filings: Mostly Down for Month But Still Up YTD

Consumer Financial Protection Bureau (CFPB)

CFPB Urges Other Regulators to Take Action on So-Called Bait-and-Switch Credit Card Rewards Tactics

CFPB Releases Supervisory Highlights Focusing on Student Loan Practices

CFPB Finalizes Rule on Overdraft Fees for Large Financial Institutions

CFPB Initiates FCRA Rulemaking to Address Coerced Debt

Texas Federal Court Denies CFPB’s Motions and Finds Plaintiffs Likely to Succeed on the Merits in Significant Credit Card Late Fee Rule Decision

CFPB Finalizes Rule on Federal Oversight of Digital Payment Apps

Federal and State Financial Agencies Issue Guidance on Elder Financial Exploitation

The CFPB Proposes New FCRA Rule to Dramatically Expand Its Scope, Though Finalization is Unlikely

Mortgage Lending

Troutman Represents all Fifty States Bankers Associations in D.C. in Tenth Circuit DIDMCA Opt-Out Litigation

Debt Buyers + Collectors

Sixth Circuit Confirms No FDCPA Violation for Debt Collection Within the Statute of Limitations

Regulatory Enforcement + Compliance

FTC and Illinois AG Secure $20M Settlement with Leader Automotive Group Over Allegedly Deceptive Practices

Eleventh Circuit Judges Question FCC’s One-to-One Consent Rule

FTC Releases Final Junk Fee Rule, Modified to Target Live-Event Tickets and Short-Term Lodging

FTC Distributes $540,000 in Refunds to Victims of Deceptive Debt Collection Scheme

Podcasts

The Consumer Finance Podcast – Uncovering Disparities: The CFPB’s Small Business Lending Study

The Consumer Finance Podcast – What Financial Services Companies Need to Know in a Second Trump Administration

The Consumer Finance Podcast – The CFPB’s Nonbank Registry Rule: Challenges and Implications

The Crypto Exchange Podcast – Understanding the DFPI’s Proposed Rules: A Deep Dive Into California’s Digital Financial Assets Law

FCRA Focus Podcast – The FHA’s Impact on Consumer Reporting Agencies

Moving the Metal: The Auto Finance Podcast – 2024 Privacy Trends and Their Impact on Auto Finance

The Payment Pros Podcast – Understanding the DFPI’s Proposed Rules: A Deep Dive Into California’s Digital Financial Assets Law

The Payment Pros Podcast – Navigating CFPB Enforcement: Key Takeaways From the Global Tel Link Consent Order

Newsletters

Weekly Consumer Financial Services Newsletter – Week of December 23, 2024

Weekly Consumer Financial Services Newsletter – Week of December 16, 2024

Weekly Consumer Financial Services Newsletter – Week of December 9, 2024

Weekly Consumer Financial Services Newsletter – Week of December 2, 2024