The discretion of the Securities and Exchange Commission to use its own in-house judges to hear cases was dealt a body blow on May 18 by the U.S. Court of Appeals for the Fifth Circuit.  That Court determined that defendants in such cases are deprived of their Seventh Amendment right to a jury trial, and that Congress’s delegation of that discretion was unconstitutional because it was not accompanied by any “intelligible principle by which the SEC could exercise the delegated power.”

The Dodd-Frank legislation enacted in 2010 gave the SEC the unfettered right to determine whether to bring securities fraud actions for monetary penalties against non-registrants in either its in-house tribunals or in Article III courts. It has bothered many in the securities enforcement defense bar that the agency’s determination as to where to proceed was a proverbial black box.  Securities defense counsel has had a lot of experience in trying to persuade the agency to exercise its discretion to reduce charges or to not bring charges at all, but why the Commission chose a particular tribunal was often a mystery. For the most part, prospective defendants typically preferred the protections of federal court proceedings rather than the home turf of the agency’s administrative judges.

While earlier litigation had challenged the authority of the SEC’s administrative law judges to hear these kinds of cases based on how they were appointed (and resulted in changes to the appointment process), the Fifth Circuit decision in Jarkesy v. SEC is the first Circuit to determine that these administrative proceedings violated a defendant’s right to a jury trial. In that case, George Jarkesy established two hedge funds and appointed Patriot28 as the investment advisor.  At their peak, the funds held about $24 million in assets. The Commission brought charges against Jarkesy and Patriot28 (“petitioners”) in its own tribunal, alleging that they made misrepresentations to investors and overvalued the funds’ assets to inflate the fees they could charge.  In finding against the petitioners, the ALJ held that they committed securities fraud, and ordered that they pay a civil penalty of $300,00 and disgorge $685,000, a ruling which was affirmed by the Commission. The Commission also rejected several challenges raised by the petitioners, determining, inter alia, that the Commission did not use unconstitutionally delegated legislative power, did not violate separation of powers principles, and did not abridge the petitioners’ Seventh Amendment right to a jury trial.

Jarkesy and Patriot28 appealed the Commission’s decision to the Fifth Circuit, which overturned the SEC’s judgment based on two independent rationales. With respect to the Seventh Amendment right to a jury trial, the Court rejected the SEC’s argument that its claims constituted distinctly “public rights” created by statute. Public rights, according to the U.S. Supreme Court, are created by statute where the right is closely integrated with a comprehensive regulatory scheme such that the right is appropriate for agency adjudication.[1] Securities fraud claims, the Circuit reasoned, are analogous to fraud claims that have long been brought under common law. The Court expounded at length on the importance the Founding Fathers placed on jury trials as a check on government authority and noted that the SEC had brought many cases before juries in federal courts.  Thus, the enforcement of securities fraud law is not so integrated with a comprehensive regulatory scheme such that requiring the SEC to proceed before juries would disrupt that enforcement. Defendants are therefore entitled to a jury trial in federal court when they are faced with securities fraud claims in which penalties are sought.

The second basis the Fifth Circuit identified for overturning the SEC’s decision was that Congress had unconstitutionally delegated its power to select a forum for enforcement by permitting the agency to have the discretion to choose that forum. While Congress can permit discretion to an agency, that discretion must have some “intelligible principle” for its exercise. The Court found that there was no such principle in the statute and rejected the SEC’s argument that the forum selection decision was simply another form of prosecutorial discretion. While the agency has the discretion to decide whether and what to charge, the Court found that the discretion at issue here implicated the procedural rights afforded to a defendant.

We likely have not seen the end to these issues being litigated in the courts, not only in SEC enforcement actions, but also in other administrative enforcement schemes. As a Fifth Circuit decision, this case constitutes precedent for cases in its jurisdiction of Texas, Louisiana and Mississippi. The SEC could well decide to seek a rehearing en banc to the full appellate court or seek certiorari review in the U.S. Supreme Court, and, of course, other circuit courts will also weigh in when these issues come before them.  What is certain is that expansion of the reasoning of Jarkesy to other administrative enforcement schemes is sure to follow and may stymie the efforts of agencies like the Federal Trade Commission and the Commodity Futures Trading Commission that bring many of their cases before administrative law judges.


[1] Granfinanciera, S.A. v. Nordberg, 492 U.S. 33, 54 (1989)

In a 2021 Executive Order on Promoting Competition in the American Economy, President Biden referred to antitrust as the “first line of defense against the monopolization of the American economy.”  Now—in the parlance of a time-honored coaching cliché—the Administration is strengthening that defense by going on offense.

During remarks at two recent American Bar Association conferences—the White Collar Crime National Institute in early March and the Antitrust Law Spring Meeting last week—the Antitrust Division of the Department of Justice said it intended to bring new criminal monopolization cases under Section 2 of the Sherman Act.  The Division has not minced words while staking this aggressive course.  Deputy Assistant Attorney General Richard Powers said  the Division “absolutely” intended to bring criminal prosecutions under Section 2.[1]  And Jonathan Kanter, the recently appointed head of the Division, confirmed the shift in policy by reiterating the Division’s power to bring such prosecutions under the statute and simply telling those looking for further guidance to “read the cases.”  Although there is no question that the Sherman Act allows for criminal penalties,[2] that statement was somewhat surprising given the complete lack of criminal enforcement in this area over the past several decades.  The Division has not indicted anyone under Section 2 since the 1970s, so these pronouncements mark a significant change in U.S. criminal antitrust enforcement, which had remained fairly consistent for the past 50 years.

Perhaps this should not come as too much of a surprise.  There has been a groundswell of bipartisan political support for increased antitrust enforcement, and, as one antitrust scholar recognized in 2019, “the populist resurgence in antitrust, taken to its logical conclusion, would be to ‘reinvigorate’ antitrust law with criminal prosecutions for conduct via statutory antitrust law that is already available and which technically still remains good law.”[3]  In January 2022, Kanter decried “a dearth of Section 2 case law” and promised that the Division would litigate more cases rather than settle, including by taking “risks and ask[ing] the courts to reconsider the application of old precedents to [modern] markets.”  Bringing criminal monopolization charges would be consistent with the Division’s aggressive posturing and apparent desire to revive an approach to antitrust that had fallen out of vogue.  Alas, the Biden Administration’s journey back to the antitrust future continues apace.

Given the lack of recent criminal monopolization prosecutions, however, this policy shift raises serious constitutional questions concerning due process, fair notice, and burdens of proof.  This blog post will first set the table with some historical and legal context concerning criminal antitrust enforcement and then identify and discuss some of the legal and policy issues raised by potential criminal monopolization prosecutions.

A (Very) Abridged Historical Summary of Criminal Antitrust Enforcement

Since the enactment of the Sherman Act in 1890, criminal enforcement of the statute has focused mostly on collusion and cartels under Section 1, which prohibits contracts and agreements that unreasonably restrain trade.  There are many reasons for this focus on collusion.  One is that this type of conduct is considered inherently anticompetitive and therefore per se illegal i.e. prohibited without regard to its actual effect on the market or any potential economic justifications.  The Division’s use of its limited prosecutorial resources has focused on the most egregious conduct, which includes price fixing, bid rigging, and market allocation. Another reason is that a policy choice was made to avoid deterring potentially procompetitive business conduct and encouraging businesspeople to be more risk averse.  In other words, the policy has been to avoid over-criminalizing business behavior on the theory that, at the margin, it is better to avoid curtailing such behavior than discouraging lawful, procompetitive behavior.  As the U.S. Supreme Court has recognized, possessing monopoly power and charging monopoly prices are not inherently illegal.  To the contrary, “it is an important element of the free-market system” because it “attracts ‘business acumen’ in the first place; it induces risk taking that produces innovation and economic growth.”[4]

Although cartels have been the predominant focus of criminal antitrust enforcement, there were times when criminal enforcement focused on non-collusion offenses (e.g., monopolization and resale price maintenance under the Robinson-Patman Act) as well, particularly in the middle of the 20th Century.  Even during that time, however, criminal penalties were limited mostly to fines, not imprisonment, and imprisonment generally was reserved for cases that involved violence.[5]  In the 1970s, Congress increased the penalties for criminal antitrust violations, turning what had—for eighty years—been misdemeanors into felonies.  Increased criminal penalties may have reflected political concern about anticompetitive conduct, but criminal prosecutions outside the context of collusion remained rare.  Indeed, unilateral conduct has “not generally been regarded as suitable for criminal prosecution,” and the Division has not brought a criminal Section 2 case since the mid-1970s.[6]  If the aforementioned recent pronouncements are any indication, the Division’s singular focus on collusion may be coming to an end.

Criminal Monopoly Charges Would Raise Legal and Economic Questions

Section 2 of the Sherman Act prohibits monopolization, attempted monopolization, and conspiracy to monopolize.  See 15 U.S.C. § 2.  Proving monopolization requires a showing of “(1) the possession of monopoly power in the relevant market and (2) the willful acquisition or maintenance of that power as distinguished from growth or development as a consequence of a superior product, business acumen, or historic accident.”[7]  Proof of the first element alone is not sufficient because, as noted above, monopoly power is not illegal by itself.[8]

From this formulation of the elements of monopolization, one thing that jumps out as different from a per se case under Section 1 for illegal price fixing, bid rigging, or market allocation is the requirement of market power, which presupposes that the government would have to plead and prove a relevant antitrust market with geographic and product components, and that the defendant possessed the mens rea required to monopolize that antitrust market.  Doing so would be no small feat.  In civil cases brought under Section 2 and non-per se Section 1 cases adjudicated under the rule of reason, proving a relevant market and market power usually requires in-depth analysis of the specific facts of a given case, bolstered by the expert testimony and opinions of an economist.  The same would be true in a criminal case. Accordingly, the level of legal and economic analysis required to assess the propriety of the conduct at issue in a monopolization case is heightened compared to a per se Section 1 case.

The necessity of such a fact-intensive inquiry by itself suggests that monopolization cases may not be appropriate for criminal prosecution and raises constitutional concerns concerning fair notice.  A federal criminal statute must be “reasonably clear . . . that the defendant’s conduct was criminal” at the time it was committed.[9]  Because monopolization has not been charged criminally for 50 years, this lack of usage could bolster arguments based on desuetude (which basically means “use it or lose it”) and due process.[10]  Further, the lack of criminal monopolization cases—and the government’s long-standing position that it would not enforce Section 2 criminally—could lend itself to an argument that the void-for-vagueness doctrine prohibits criminal prosecutions under Section 2 because of the lack of fair notice.[11]  The illegality of conduct subject to the rule of reason may not be certain enough to justify criminal proscription through federal common law.  Finally, it is questionable whether a rule-of-reason inquiry could apply in a criminal case, given the beyond-a-reasonable-doubt standard and the burden of proof resting at all times with the government.  For example, could a court shift the burden to a criminal defendant to prove procompetitive benefits?

* * *

Expanding criminal enforcement raises interesting legal questions of constitutional law and interesting practical ones regarding how such a case would be proved in court.  One thing is clear – the enforcement landscape is changing radically and rapidly.  Whether these enforcement efforts will actually change antitrust law is yet to be seen and will be decided in the courts.  We should brace ourselves for the ride and remain vigilant to court decisions on these issues.

[1] Michael Acton, US DOJ stands ready to bring criminal charges in Section 2 monopolization cases, Powers says, MLex, Mar. 2, 2022 (available at

[2] 15 U.S.C. § 2 (“Every person who shall monopolize, or attempt to monopolize, or combine or conspire with any other person or persons, to monopolize . . . shall be deemed guilty of a felony” subject to fine and imprisonment up to ten years.).

[3] D. Daniel Sokol, Reinvigorating Criminal Antitrust?, 50 Wm. & Mary L. Rev. 1545, 1549, available at

[4] Verizon Communications Inc. v. Law Offices of Curtis V. Trinko, LLP, 540 U.S. 398, 407 (2004).

[5] Sokol, supra, at 1571 (“[T]he total number of incarcerations for monopolization in the history of the Sherman Act is incredibly rare and has not been a part of antitrust life for more than a generation.”)

[6] Donald I. Baker, The Use of Criminal Law Remedies to Deter and Punish Cartels and Bid-Rigging, 69 Geo. Wash. L. Rev. 693, 695 (2001).  Baker cites United States v. Empire Gas Co., 537 F.2d 296 (8th Cir. 1976), as the last case where the Division brought a Section 2 case, noting that “the government lost on the ground that it failed to show a dangerous probability that the defendant would succeed in monopolizing the relevant markets,” even though violent conduct (blowing up competitors’ vehicles) was involved.  Id. at 695 n. 14.  See also Sokol, supra, at 1557.

[7] United States v. Grinnell Corp., 384 U.S. 563, 570­71 (1966).

[8] Verizon, 540 U.S. at 407.

[9] United States v. Lanier, 520 U.S. 259, 267 (1997).

[10] Sokol, supra, at 1564 (“Desuetude is a concept where a practice that has bene fixed by law loses its authority due to a lack of usage.”), 1573 (arguing that “a revival of criminal enforcement for Sherman Act violations that are noncollusive are desuete and not valid as statutes for further criminal enforcement”).

[11] Id. at 1577 (“[W]hen the government charges price-fixing, the clarity of the prohibition and the long line of cases have permitted courts to overlook what is a federal common law prohibition in a regime where there is supposedly no federal common law of crime.  The nature of the rule of reason inquiry does not easily lend itself to this criminal standard.  Going beyond this core prohibition would raise grave (and probably winning) due process challenges under the void for vagueness doctrine.”).

In the early afternoon on January 9, 2022, 8,888 “Frosties” non-fungible tokens (NFTs) were sold for 0.04 Ether each, selling out in just forty-eight minutes. These NFTs promised purchasers a unique NFT digital “Frostie” image, staking, NFT breeding, and additional rewards tied to a yet-to-be-released metaverse game. The only problem? None of the associated benefits existed and the sellers promptly deactivated the “Frostie” social media presence, closed shop, and went silent, pocketing about $1.1 million.

The sellers were two 20-year-olds, Ethan Nguyen and Andre Llacuna. According to the U.S. Attorney for the Southern District of New York, the two executed a “rug pull,” a trending term for a fraud scheme where sellers pitch a detailed digital asset investment opportunity and business plan to buyers only to take their money and disappear—pulling the “rug” out from under purchasers. Nguyen and Llacuna now face criminal charges for conspiracy to commit wire fraud and conspiracy to commit money laundering.

The criminal complaint, which was filed March 15 and unsealed on March 24, details how Nguyen and Llacuna utilized multiple crypto wallets, intermediaries, smart contracts, IP masking, and purported crypto “mixer” services to execute their scheme. In the end, it appears investigators had little difficulty uncovering the scheme and tracking down the perpetrators whose actions were largely memorialized on the public Ethereum blockchain.

To execute their rug pull, the defendants established the Frosties NFT smart contract which also served as the first of several crypto wallets that Nguyen and Llacuna would use. As part of the smart contract, Nguyen and Llacuna inserted a conditional withdrawal function that, when executed, would transfer all of the Ether collected in the smart contract wallet over to a separate wallet controlled by Nguyen and Llacuna. From that wallet, the defendants transferred the Ether to yet another wallet and then made three smaller transfers to the “mixer” service Tornado Cash, which commingled the Ether from the defendants with Ether from other users—to scramble and anonymize the true source of the Ether—and then distributed the Ether to several intermediary wallets in smaller quantities which, in turn, distributed the Ether to Coinbase wallets owned by Nguyen and Llacuna. According to investigators, “the blockchain recorded [the] series of cryptocurrency transactions” – enabling investigators to see through the scrambling and to trace the transactions back to the original wallets and smart contract, which had been opened using IP addresses, email addresses, and phone numbers linked to Nguyen and Llacuna.[1]

This pattern of transfers between intermediary wallets is reminiscent of the classic account shell game that money launderers have long used to disguise cash and securities transactions and prevent detection by financial institutions’ anti-money laundering monitoring systems. Recognizing that this pattern applies equally to cryptocurrency transactions, Congress, in the Anti-Money Laundering Act of 2020, expanded the definitions of “money transmitting business” and “financial institutions” under the Bank Secrecy Act to include businesses engaged in the exchange or transmission of “value that substitutes for currency.” This placed crypto exchanges, like Coinbase, squarely within FinCEN’s regulatory purview.

The scheme deployed by Nguyen and Llacuna highlights the importance to exchanges and wallet services of maintaining thorough AML compliance programs. Indeed, the complaint might even serve as warning signal that more regulatory focus is on the horizon. The complaint explained that, “[t]o avoid anti-money laundering scrutiny and law enforcement detection, individuals in possession of illicit proceeds often insert intermediary [wallet] transactions between a KYC exchange like Coinbase and a high-risk source like Tornado Cash, a cryptocurrency mixer, to further obfuscate the source of funds.”[2]

While the complaint doesn’t fault Coinbase or any other exchange, nor does it suggest a gap in their compliance programs, exchanges might consider revisiting their fraud and AML monitoring practices in the wake of the Frosties prosecution. Transaction monitoring for intermediary transfers involving “mixer” protocols or transfers tied to NFT sales could become fertile ground for future regulation. Indeed, an expectation for more robust AML compliance programs has already begun to emerge from recent regulatory reports.

The Department of Treasury, for example, recently examined money laundering risks in the art market, including the market for NFTs.[3] A Treasury report stated that under some circumstances an NFT platform such as OpenSea may be considered a virtual asset service provider (VASP) and come under FinCEN’s regulations.  However, the report distinguished between NFTs used as payment or investment instruments and NFTs “that are unique, rather than interchangeable, and that are used in practice as collectibles.”[4] The Frosties NFTs would fall into the latter category.  Nonetheless, the Treasury report warned about various AML risks associated with NFT sales.  For the art market as a whole, the report concluded that “entities which have larger annual sales turnover and regularly transact in high-value art in the ordinary course of business may present a higher risk” and voluntary compliance programs may not be sufficient.  This signals that regulation in this area could expand in the future, though limited to certain segments of the market.  The report emphasized enhanced recordkeeping and information collection as options for the art market in combatting abuse by illicit actors.

While the money laundering concerns reflected in the Treasury report present a different risk from the fraud alleged in the Frosties complaint, the government urges a similar compliance action plan.  The scheme described by the Frosties prosecutors illustrates how criminal actors can utilize exchanges and other legitimate cryptocurrency services to commit fraud and distort the source and path of illicit proceeds, using new technology to commit a crime that seems all too familiar.  The characteristics of crypto technology provided both the means for the crime and the method by which the alleged wrongdoing eventually was traced and brought to an end by government investigators.

[1] United States v. Nguyen, 22-mag-2478, Complaint ¶ 16(d) (Mar. 15, 2022).

[2] Id.

[3] See Dep’t of Treasury, Study of the Facilitation of Money Laundering and Terror Finance Through the Trade in Works of Art (Feb. 4, 2022), available at:

[4] Id. at 26.

On January 1, 2021, Congress passed the National Defense Authorization Act for Fiscal Year 2021. Included among its provisions is the Corporate Transparency Act (CTA), which, in short, requires qualifying businesses to disclose so-called “beneficial owners.” The purpose undoubtedly is to root out shell companies that avoid detection, regulation or enforcement through complex, opaque ownership arrangements. While we cannot be certain how enforcement will take shape, companies should be aware of the CTA’s requirements to prepare for its enforcement.

The Problem: Shell Companies Hide Illegal Activity

Law enforcement officials believe that their ability to root out corporate crime of all kinds is hindered because individuals and companies can set up complex ownership structures of assets that hide the true beneficial owners. While forming or having a “shell company” – a business that exists only on paper, with no employees, no physical location and sometimes no disclosure of the owner’s real name – is not in and of itself illegal, it can be used to launder money and evade U.S. law enforcement. Sophisticated shell companies may be owned by a separate company or companies, using a Russian-doll ownership structure that eventually traces back to the ultimate owner, who may or may not be a criminal. The problem for law enforcement is that it is difficult to track back what may be many layers of ownership that have enabled the true owner to remain anonymous. The shell company may either have little legitimate business or no business at all; instead, it merely funnels back to the owners funds that may have been laundered by fraudulent invoices, fudged bookkeeping numbers, made-up accounts receivable or similar illegal yet easy-to-overlook activities that would not raise red flags with the government.

To be sure, while many U.S. companies use shells for legitimate purposes, they are also a favored means of laundering funds that are obtained through illegal activity.

Under the United States Code, “laundering of monetary instruments” is transacting in property while knowing that the property represents the proceeds of an unlawful activity and with the intent to promote or carry on unlawful activity or knowing that the transaction is designed to conceal or disguise the unlawful activity. Most people call it “money laundering” because the process “cleans” the property – usually money – of its illegal history and can be used with less worry that the government will investigate its use. Of course, money laundering does not actually clean the money; it remains tied to its original ill-gotten past, and money laundering is a crime in and of itself.

The Solution: The Corporate Transparency Act

Congress passed the CTA, which then-President Trump vetoed on December 23, 2020. The House of Representatives overrode the veto on December 28, and the Senate followed suit on January 1, 2021. The CTA became law the same day, although its provisions will not become effective until the U.S. Treasury Department promulgates implementing regulations, which is supposed to occur no later than January 1, 2022.

The CTA generally requires shell entities to report their ultimate ownership to the Financial Crimes Enforcement Network (FinCEN), an arm of the federal government, for cataloguing. More specifically, each “reporting company” must provide each “beneficial owner’s” full legal name, date of birth, current residential or business address, and either a unique identifying number from a passport or state-issued ID or a FinCEN identifier number. Because the CTA only affects “beneficial owners” and “reporting companies,” a critical question for businesses is whether they will be deemed to fall into those categories.

A beneficial owner is “an individual who, directly or indirectly, through any contract, arrangement, understanding, relationship, or otherwise, exercises substantial control over the entity; or owns or controls not less than 25 percent of the ownership interest of the entity.” A beneficial owner does not include

  • a minor child if the parent or guardian submits reporting information;
  • an individual acting “as a nominee, intermediary, custodian, or agent on behalf of another individual”;
  • “an individual acting solely as an employee” of a business entity who derives an economic benefit solely by virtue of their employment status;
  • an individual whose only interest in the entity was through inheritance; or
  • a creditor of the corporation, unless the creditor meets the requirements of the definition of a beneficial owner.

Because of the definition’s broad language, a shell company will need to trace its ownership outward from the Russian dolls it sits in to arrive back at each individual who either exercises substantial control over the company or possesses at least 25% of its ownership interest.

A reporting company is “a corporation, limited liability company, or other similar entity that is created by the filing of a document with the secretary of state or similar office under the law of a State or Indian Tribe; or formed under the law of a foreign country and registered to do business in the United States by filing a document with a secretary of state or similar office under the laws of a State or Indian Tribe….” A reporting company does not include

  • an issuer, broker, or dealer of securities or entity required to file information under section 15(d) of the Securities Exchange Act of 1934;
  • an entity exercising governmental authority on behalf of the United States or any State, Indian Tribe, or political subdivision;
  • a bank, credit union, bank holding company, or a money transmitting business as defined in various federal laws;
  • an exchange or clearing agency;
  • an investment company or adviser registered with the SEC or under the Investment Advisers Act;
  • an insurance company;
  • a registered entity under the Commodity Exchange Act;
  • a public accounting firm;
  • a public utility company;
  • a financial market utility;
  • a 501(c) nonprofit company, unless the organization loses tax exemption status and fails to cure that defect within 180 days;
  • a charitable or split-interest trust; or
  • other entities not listed here.

Because the new law targets shell companies, a reporting company also does not include an entity that employs more than 20 employees full-time, filed tax returns showing more than $5 million in gross receipts or sales (including receipts and sales of other entities through which that entity operates or owns), and has an operating presence at a physical office in the United States. There is also a grandfather clause that provides preexisting entities two years from the effective date of the act to file the required information.

A person who willfully provides false or fraudulent beneficial ownership information or willfully fails to complete the beneficial ownership information will be liable for a $500 civil penalty each day the violation continues and will suffer a fine of up to $10,000, imprisonment for not more than two years, or both. The CTA provides a liability exception for those who remedy the inaccurate information within 90 days, unless the inaccurate information was provided for purpose of delay and the person had actual knowledge of the inaccuracy. Additionally, a person who knowingly discloses or uses beneficial ownership information they obtain through a report or disclosure made to FinCEN shall be liable for a civil penalty of $500 per day of the violation, and suffer a fine of up to $250,000, imprisonment for not more than five years, or both. If the unauthorized use or disclosure of beneficial information is a part of a pattern of illegal activity involving more than $100,000 in a 12-month period, the fine increases to up to $500,000, and the term of imprisonment increases to not more than 10 years.

The CTA’s clear intended effect is to require those who control or own small companies to file certain identifying information with FinCEN, which can then examine the records to ensure accuracy and alert authorities to anomalous filings. The hope is that this process will permit easier tracking and investigation of these types of companies.

This overview of the CTA is not meant to be comprehensive. The CTA contains many more provisions and subtleties than are provided here, including guidance to regulating authorities. Strict compliance with the CTA is expected, so each business should review the specific requirements that apply to its circumstances.

Conclusion: The CTA is a Good Start on a Long Road

The CTA is a small step on a much longer journey. While its scope is appropriate to begin reining in the use of shell companies, the CTA’s success cannot be measured until long after its effective date. While law enforcement officials view it as an important tool in their efforts to combat money laundering and criminals will likely continue to find new ways of evading detection of ill-gotten gains, businesses that form shell companies for legitimate purposes should pay attention to the CTA’s requirements to avoid unwarranted scrutiny and suspicion.

Over the past few weeks, revelations of ransomware cyber-attacks on U.S. businesses have rocked the country’s infrastructure and have held hostage companies’ computer systems that are necessary to provide essential services to the nation.  In a typical ransomware attack, hackers exploit a security vulnerability to gain access to a company’s computer system.  After gaining access, the hacker will encrypt all or part of the system, rendering it inoperable or significantly crippled.  The hackers then demand a ransom payment in exchange for a decryption key that will unlock the computer system.  Recent ransomware attacks have focused on providers of essential products or public infrastructure, such as hospitals and medical providers, food distributors, energy companies, and public transit companies.

Prior to 2019, ransomware attackers mainly targeted data-rich companies, such as retailers or financial companies, relying on the potential loss or threatened exposure of customers’ personal data to incentivize companies to pay a ransom for the decryption key.  Over the last few years, ransomware attacks have become increasingly frequent for other types of businesses lacking in such personal data, including manufacturers or industrial companies.  In these attacks, the goal is to shut down a company’s operations, thereby forcing it to ransom the encryption key to get the business back up and running.

According to FBI Director Christopher Wray, reports of ransomware attacks have tripled over the past year.  The increased frequency and broader scope of ransomware attacks presents not only a business risk for a company, but legal and compliance risks as well.  In October 2020, the Treasury Department’s Office of Foreign Assets Control (“OFAC”) released an advisory statement that explained that many criminals responsible for ransomware appear on OFAC’s Specially Designated Nationals and Blocked Persons List (“SDN list”).  Under U.S. law, American companies and individuals are strictly prohibited from engaging in transactions with a sanctioned person or entity.    This means that if a company ransoms its data from a person who appears on OFAC’s SDN list, it may be held civilly liable under U.S. law, even if it was unaware that the ransomware hacker was identified on the SDN list.  Furthermore, criminal penalties of up to 20 years’ imprisonment are available where there is a reckless or willful violation of the sanctions laws.

Choosing whether or not to make a ransom payment can be a difficult one, but in order to minimize the risk of OFAC fines or penalties in connection with a payment, it is vital that a company have a risk-based compliance program in place that will operate to mitigate the risk that the company may take by making a ransom payment to a potentially sanctioned individual or entity.  An effective sanctions compliance program will include, among other things, a commitment from management, periodic risk assessment, effective internal controls, ongoing monitoring and testing, and training for employees.  Specifically, in circumstances involving ransomware, a compliance program must also assess and account for the risk that the payment may involve an embargoed nation or a person or entity appearing on the SDN list.

Although a company may not wish to publicize that it has been a victim of a ransomware attack, there is a strong incentive to promptly disclose a cyber-attack to law enforcement and to cooperate in any investigation:  OFAC views disclosure and cooperation as significant mitigating factors in the event that any ransom payment is later determined to have a sanctions nexus.  Further, companies that facilitate ransomware payments, including financial intermediaries, have their own anti-money laundering obligations under FinCEN regulations, including detecting, preventing, and filing suspicious activity reports for transactions that are indicative of illegal activity.

In addition to the OFAC and FinCEN rules that may apply to cyber-attacks, President Biden signed an executive order earlier this month designed to strengthen cybersecurity and prevent future ransomware attacks by, among other things, changing the manner in which federal agencies approach cybersecurity.  Although the executive order applies only to certain companies that do business with the federal government, cybersecurity experts have indicated that wide-scale adoption of the standards identified in the executive order would improve security performance and security standards across all industries.  Among other things, the executive order requires the adoption of multi-factor authentication, enhances encryption standards, and requires zero-trust architecture, which means that no device is considered “trusted,” even if it has been previously verified or connected to a managed corporate network.  Additionally, the executive order seeks to ease the current limitations on the sharing of information between federal agencies and directs federal agencies to create a response plan to any future cyber-attacks.

Ransomware attacks are designed to strike at the very core of a company’s operations, and a ransomware victim may be without the benefit of the company’s network while it tries to manage the attack.  As ransomware attacks become more widespread, it is critical that companies adopt and train on an action plan in the event of a cyberattack and have a fully developed sanctions compliance program in place to ensure that a ransomware attack does not balloon from a business and reputational risk to a civil or criminal mishap.

If it seems like 2020 was the year when everyone was talking about antitrust on their socially distant Zoom calls, that is because government antitrust lawyers have been busy. Just before the year began, the Department of Justice announced the formation of the Procurement Collusion Strike Force and, in January 2020, the Antitrust Division rolled out its new vertical merger guidelines. In the criminal realm, courts issued three antitrust fines at or above the $100 million statutory maximum, and the past year also saw the first-ever criminal antitrust indictment for wage fixing, which was brought in the Eastern District of Texas against the owner of a physical therapy staffing company.

Against this backdrop, the Department of Justice and the Federal Trade Commission have filed lawsuits asserting that pretty much the entire Internet is an antitrust violation, and they are seeking to break up the company that is probably the home page on your Internet browser. In addition, a bi-partisan group of state attorneys general filed their own antitrust lawsuit against tech companies, and then another subset of states filed yet another Internet antitrust lawsuit.

Not to be outdone, Congress also got in on the antitrust action. On December 8, 2020, Congress passed the Criminal Antitrust Anti-Retaliation Act of 2019, which was later signed into law. The statute, which took more than a year to be enacted, prohibits any employer from retaliating against an employee, agent, or contractor who reports a potential criminal antitrust violation to the federal government or an internal company supervisor. The statute also explicitly excludes from protection any person who planned and initiated an antitrust violation, attempted to obstruct an antitrust investigation by the Department of Justice, or engaged in another violation of the law in connection with an antitrust violation. The Anti-Retaliation Act provides that an aggrieved individual is entitled to “all relief necessary to make [him] whole,” which includes reinstatement, back pay with interest, and special damages, which includes litigation costs, expert witness fees, and attorneys’ fees.

Unlike some of the other antitrust developments in 2020, the passage of the Criminal Antitrust Anti-Retaliation Act requires some immediate action. First, a company’s whistleblower and compliance policies should be updated to ensure that no adverse action is taken against an employee who reports an antitrust violation. Because the protections of the law apply only to those whistleblowers who report criminal conduct, this effectively limits a whistleblower’s protection to complaints relating to price or wage fixing, bid rigging, output agreements, market or customer allocations, or naked no-poach agreements. Second, those individuals in a company’s compliance department or who are responsible for whistleblower reports must be educated on the antitrust laws in order to ensure the proper controls and procedures are followed once a report is received. Because a protected whistleblower claim will necessarily involve a report of a criminal antitrust violation, procedures should be implemented to ensure that the legal department is involved from the beginning of the process in order to ensure that a proper investigation is performed and the attorney-client privilege is protected.

We’re all waiting to see what 2021 will bring to the world of antitrust. More tech lawsuits? A chorus of criminal no-poaching cases? Increased antitrust prosecutions in government procurement? If 2020 is any indication, in-house counsel and compliance departments should keep their seatbelts fastened and prepare for another bumpy ride.

Trade secrets are often a company’s most valuable asset, whether those secrets involve cutting-edge medical research or the formula for Coca-Cola. Businesses must take significant steps to protect these valuable “crown jewels” at all costs, whether by securing them on a network or a locked room, encrypting them, or restricting employee access on a need-to-know basis. But these precautions don’t always protect the data as intended and valuable information can slip into the wrong hands, causing substantial harm to the business including, if the wrongdoer can be identified, costs pursuing damages in civil litigation.

Last week the U.S. Attorneys’ Office for the Southern District of Ohio announced that Yu Zhou, a Chinese national, pleaded guilty to conspiring to steal trade secrets from his employer for the benefit of the Chinese government. Zhou, along with his wife, Li Chen, admitted to conspiring to steal medical research aimed at treating several different liver diseases and a rare condition affecting premature infants. Chen pled guilty in July 2020. Zhou and Chen worked in different research labs at an Ohio hospital for nearly a decade. Their employment gave them access to the valuable scientific research which, they agreed, could be sold for personal profit in China. To facilitate their scheme, they established a company in China through which they would sell the research to others connected with the Chinese government, including the National Natural Science Foundation of China. They also co-founded their own company, GenExosome Technologies in the United States, which would sell products and services related to the technology.

The hospital had established protocols to protect its information, including (1) restricting physical access to research labs; (2) requiring employees to wear identification badges and sign security and confidentiality agreements; (3) establishing policies to protect patents and prohibit conflicts of interest; (4) requiring third parties to sign non-disclosure agreements; (5) restricting computer access; and (6) conducting regular training on handling confidential information. Despite these protections, Chen and Zhou were able to access and remove data and establish companies in China and the United States to profit from their theft.

Zhou and Chen have yet to be sentenced but face years of imprisonment plus heavy monetary sanctions and forfeiture orders. Their convictions, however, highlight a key concern of the United States, recently described by Director of National Intelligence John Ratcliffe as the Chinese government’s strategy to “rob, replicate, and replace” American intellectual property.[1] The Department of Justice (DOJ) has, in turn, increasingly focused on protecting American innovation and technology from misappropriation by the Chinese government.

DOJ’s focus on trade secret theft is a key component of the “China Initiative” rolled-out by DOJ two years ago. On November 16, 2020, the two-year anniversary of the initiative, Attorney General William Barr announced that “the Department has made incredible strides in countering the systemic efforts by the [People’s Republic of China] to enhance its economic and military strength at America’s expense … [and] is committed to holding to account those who would steal, or otherwise illicitly obtain, the U.S. intellectual capital that will propel the future.”[2] The initiative “prioritizes use of the Department’s core tool, criminal investigation and prosecution, to counter economic espionage and other forms of trade secret theft.”[3]

The DOJ’s increased interest in investigating these crimes has resulted in multiple indictments for economic espionage since the start of 2020. In total, DOJ has charged five cases involving theft of trade secrets for the benefit of China and an additional ten cases with “some alleged nexus to China.”[4]

DOJ’s early focus was on educating and protecting those in academia who might be viewed as easier targets for these thefts given the open idea-sharing that is central to academic research. But the criminal charges unveiled this year reveal that the initiative is expanding.

Zhou and Chen, for example, underscore the value of medical research that might be targeted – a topic that is particularly acute given the ongoing COVID-19 pandemic. In fact, DOJ reported that it had charged several individuals associated with the Chinese Ministry of State Security in connection with global hacking campaigns targeting biomedical researchers conducting COVID-19 research.[5]

In February 2020, DOJ announced the sentencing of a Houston man, convicted of trade secret theft and related crimes, for setting up a subsidiary for a Chinese company in the U.S. that was used to steal trade secrets in connection with the manufacture of an engineered-foam material used in oil and gas drilling.[6] Later that same month, DOJ announced that a Chinese national had been sentenced for stealing trade secrets from his employer, a petroleum company, involving the development of battery technology.[7] DOJ has also announced charges or convictions related to theft of trade secrets from semiconductor manufacturers and oil and gas producers.[8]

Inevitably, businesses in all sectors must be vigilant to protect their valuable trade secret information. Those that have relationships with China-based distributors, manufacturers, or the like should employ enhanced due diligence and ensure the adequacy of their firewall protocols to silo trade secret information. Obviously, not every connection to China puts a company at risk for theft, but China’s willingness to facilitate, and pay for, misappropriated American research and technology creates a tempting environment for employees and business partners to steal trade secrets. Enhanced due diligence and periodic background checks are now critical to maintaining the secure environment a business needs to protect its proprietary information.

[1] John Ratcliffe, “China is National Security Threat No. 1,” Wall Street Journal Op-ed (Dec. 3, 2020).

[2] U.S. Dep’t of Justice, “The China Initiative: Year-in-Review (2019-20),” No. 20-1238 (Nov. 16, 2020).

[3] Id.

[4] Id.

[5] See id.

[6] See U.S. Dep’t of Justice, “American Businessman Who Ran Houston-Based Subsidiary of Chinese Company Sentenced to Prison for Theft of Trade Secrets,” No. 20-174 (Feb. 11, 2020).

[7] See U.S. Dep’t of Justice, “Chinese National Sentenced for Stealing Trade Secrets Worth $1 Billion,” No. 20-242 (Feb. 27, 2020).

[8] See, e.g., U.S. Dep’t of Justice, “Chinese Citizen Convicted of Economic Espionage, Theft of Trade Secrets, and Conspiracy,” No. 20-598 (June 26, 2020); U.S. Dep’t of Justice, “Chinese Energy Company, U.S. Oil & Gas Affiliate and Chinese National Indicted for Theft of Trade Secrets,” No. 20-1182 (Oc. 29, 2020).

The Department of Justice (DOJ) just released an updated version of its Resource Guide to the Foreign Corrupt Practices Act. While the new version does not announce any groundbreaking changes, it now includes updates and references to recently issued policies, such as the DOJ’s Corporate Enforcement Policy, Evaluation of Corporate Compliance Programs, and the Corporate Monitorship Policy. The updated guidance was released with little fanfare on Friday night, July 3, 2020, as the Criminal Division at Main Justice was undergoing a change in leadership. The Guide is largely the same document and limited to a discussion of the FCPA, but it nonetheless is a useful tool for practitioners seeking to understand the government’s corporate charging policies generally. The Resource Guide is lengthy, at almost 200 pages, and the new revisions do not lengthen it further. The DOJ has mostly restructured sections and added more recent cases for discussion but largely left the Guide intact. Nevertheless, certain revisions to the Resource Guide merit emphasis and are highlighted below.

The Aftermath of Hoskins

The DOJ is careful in this guidance to characterize the reach of criminal co-conspirator and aiding and abetting liability as a result of a recent, well-publicized Second Circuit decision that limited the DOJ’s ability to pursue foreign nationals who participate in a bribery scheme.  In United States v. Hoskins, 902 F.3d 69 (2d Cir. 2018), the Second Circuit held that a foreign national who was not otherwise covered by the specifically enumerated categories in the FCPA, could not be prosecuted using co-conspirator or aiding and abetting liability. The Court held that the government could proceed on the theory that Hoskins was an “agent” of a “domestic concern” which required the government to prove that Hoskins, who was a foreign national working for a foreign subsidiary, participated in a bribe scheme and took direction from the U.S. subsidiary. The government ultimately persuaded a jury to convict Hoskins on various charges, although post-verdict, the district court acquitted Hoskins on the foreign bribery counts because there was insufficient evidence of “agency.” With these setbacks, the DOJ is now limited in pursuing its expansive view of co-conspirator liability under the FCPA, at least in the Second Circuit.

The DOJ says as much in the Guide, acknowledging the opinion and its application in the Second Circuit, but also noting that a district court in the Seventh Circuit disagreed with the holding and concluded that precedent in the Seventh Circuit would dictate that defendants could be criminally liable for violations of the anti-bribery provisions of the FCPA as co-conspirators or aiders and abettors, even if they did not fall under one of the enumerated categories of liability in the statute. United States v. Firtash, 392 F. Supp. 3d 872, 889 (N.D. Ill. 2019). Although the DOJ cites Firtash, presumably to make the point that the law is not settled, it has cautiously revised the Guide, deleting broad language in its description of the breath of the anti-bribery provisions. Previously, the DOJ stated that a foreign national who attended a meeting in the United States would be subject to the FCPA, as well as co-conspirators or aiders and abettors, “regardless of whether the foreign national or company itself takes any action in the United States.” (Emphasis added.) That reference is deleted. Similarly, in an example in the same section, the DOJ also deleted language indicating that a company and an intermediary working on behalf of an “issuer” would be liable if they had never taken action in the territory of the United States, both as co-conspirators and for substantive violations of the anti-bribery provisions, because the violations were “reasonably foreseeable” and in furtherance of the conspiracy. (Emphasis added.) Although the DOJ will continue to try to limit the applicability of Hoskins in other circuits, it appears to be taking a more restrained approach and pulling back on previously broad assertions of conspiracy liability under the FCPA. In practice, the court-imposed limitation may not mean much because DOJ has many other ways of charging defendants, including the use of money-laundering and various fraud statutes.

Defining a State-Owned or State-Controlled Entity

Before any kind of judicial guidance, practitioners were forced into their own fact-based analysis as to what constituted an “instrumentality” of the state when determining whether a target entity was a state-owned or -controlled company under the FCPA. This analysis was, and is, critical for in-house compliance personnel in determining whether their company’s interactions with employees of these entities were “foreign government officials.” A few years ago, the Eleventh Circuit issued a well-reasoned opinion that will greatly assist in this analysis. United States v. Esquenazi, 752 F.3d 912 (11th Cir. 2014) set forth factors that determined whether a Haitian telecommunications company was a state-owned or controlled company under the control of the Haitian government. The reasoning of the Circuit, including the applicable factors to analyze that question, have now been incorporated into the DOJ’s Guide.   The factors in determining whether the government controls an entity include: (1) the government’s formal designation of the entity; (2) whether the government has a majority interest in the entity; (3) the government’s ability to hire and fire principals of the entity; (4) the extent to which the entity’s profits go directly into the government’s fiscal accounts, and if the government has or will fund the entity when it is operating at a loss; and (5) the length of time these factors have existed.

In addition, factors determining whether the entity is performing a function that is essentially a governmental function include: (1) whether the entity has a monopoly over the function it seeks to carry out; (2) whether the government subsidizes the entity’s costs in providing the service; (3) whether the entity provides services to the public at large in the foreign country; and (4) whether the public and the government of the foreign country generally perceive the entity to be performing a governmental function. This second part of the analysis is also important. It is not enough for counsel to analyze whether the entity is state-owned or controlled, but counsel must also evaluate whether the pertinent function it performs has enough government characteristics to be considered a governmental action.

While the analysis in Esquenazi has already been used by FCPA practitioners, it is helpful that the DOJ adopted these factors in its new guidance to further assist outside counsel, as well as companies training their compliance staff. Moreover, the recent cases prosecuted and cited in the DOJ guidance fit squarely within that analysis. In determining whether a company was a state-owned entity in various cases, the DOJ cites factors such as the receipt of special tax advantages, the appointment of management or board members by government officials, the installation of political appointees as managers, or a government’s large ownership stake and veto power over major expenditures.

In adopting the Eleventh Circuit’s analysis and illustrating it with recent cases, the revised Resource Guide provides greater clarity in defining what companies or entities are “instrumentalities” and, as a consequence, who would be a “foreign government official” under the FCPA.

A Parent Company’s Liability for the Actions of Its Subsidiaries

The revised Resource Guide reiterates the government’s position that a parent may be liable for its subsidiary’s conduct under traditional agency principles. While there has been recent discussion about how far the government would take this concept, the outgoing AAG of DOJ’s Criminal Division has assured practitioners that the DOJ does not intend to hold parent companies liable for subsidiaries merely because of corporate ownership, but instead would evaluate each case on its own facts. AAG Benczkowski’s Remarks at ACI’s 36th Conference on the Foreign Corrupt Practices Act, December 4, 2019. The result in Hoskins shows that the government needs a strong showing of control and direction to establish agency in a criminal case.

The revised Resource Guide acknowledges that the government will evaluate the control exercised over the subsidiary, including the parent’s knowledge and direction of the subsidiary’s actions. While the guidance states that “if an agency relationship exists between a parent and a subsidiary, the parent is liable for the bribery committed by the subsidiary’s employees,” that statement is too broad and should be read along with other parts of the guidance and recent remarks by the outgoing AAG. Viewing DOJ ’s guidance in its entirety, the following questions need to be asked in evaluating parental liability: Did an agency relationship exist between the parent and subsidiary? Did the parent have knowledge of, or direct, the actions of the subsidiary generally and related to the specific transactions in question? Did the subsidiary act within the scope of authority conferred by the parent? The revised Guide is clear that DOJ will not be deterred by the formalities of the corporate structure but will focus on a fact-based inquiry into the parent’s conduct in conferring authority and providing direction to its subsidiaries, particularly with respect to the misconduct at issue.

A Nod to Internal Controls

With the emphasis the government has placed on compliance, companies are often asked detailed and specific questions about the state of their financial controls. The government notes in the revised Resource Guide that a compliance program and internal controls are not the same, but both contain a number of components that overlap and should be monitored. When reviewing internal controls, the Guide directs companies to take into account the risks of its business, including the type of products and services it provides, how products and services get to market, the nature of the company’s work force, the degree of regulation, the extent of government interaction, and the degree to which it has business in high risk countries. While these factors are not new, the government’s increasing focus on financial compliance should prompt companies to continue to integrate their compliance and audit functions.


The revised FCPA Resource Guide did not tackle some of the very important issues facing companies today. The Guide notes that the DOJ has coordinated resolutions with foreign governments in ten cases and the SEC has coordinated in five cases which demonstrates that the government is attempting to avoid “piling on” by imposing duplicative penalties. But for multinational companies that often face years of investigation by multiple foreign governments after the DOJ and SEC settle their cases, these statistics are not promising. Foreign authorities can be more disorganized, lack resources, or may not be bound by any statute of limitations. All of these factors can cause unacceptable delays in negotiating separate foreign resolutions and can result in duplicative penalties imposed long after the misconduct occurred. Moreover, data privacy and cyber security concerns for employee and proprietary data are top priorities for companies operating in multiple, high risk regions or in countries with a track record of trade secret theft. Moving data across borders to satisfy U.S. government requests can be problematic under these conditions, but the Resource Guide does not give guidance on these issues. Perhaps in the next set of revisions, the DOJ and SEC will give greater thought as to how companies can meet these challenges when they seek to cooperate in a government investigation.