On February 1, 2024, the G7+ Coalition (consisting of the G7, the European Union, and Australia) published an Oil Price Cap (OPC) Compliance and Enforcement Alert (the “Alert”), identifying notable OPC evasion methods and recommending various methods to reduce the risk of evasion and its negative impacts.  The OPC was enacted in December 2022 in response to the Russian incursion into Ukraine and related disruptions to global oil flows and energy security.  The Alert seeks to bolster legitimate commercial efforts to comply with the OPC and provides guidance to regulators on how to combat the innovative methods by which bad actors are attempting to circumvent it.  The G7+ Coalition is further encouraging regulators to supplement its findings and recommendations with their own detailed advisories, sector-specific guidance, and case studies.

On Feb. 6, 2024, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) announced a $4.75 million settlement with New York non-profit health system Montefiore Medical Center over alleged malicious insider conduct that caused potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. This settlement follows two other recent investigations that led to OCR’s first-ever settlements stemming from ransomware and phishing attacks.

For U.S. businesses, sanctions compliance has never been more challenging or more important.  The U.S. has responded to Russia’s invasion of Ukraine with a broad range of sanctions targeting the Russian government, its officials, oligarchs and Russia’s financial and energy industries, among others.  Indeed, since the invasion of Ukraine, the agency that administers sanctions, the Office of Foreign Assets Control (OFAC), has added over 2500 Russia-related targets to the Specially Designated Nationals and Blocked Persons (SDN) List.  These new sanctions mean that there are now more sophisticated and motivated sanctions evaders than ever before.  In turn, the U.S. has made clear its determination to pursue those who violate sanctions.  As a means of capturing its new level of intensity and commitment to sanctions enforcement, the leadership of the Department of Justice (DOJ) has described sanctions enforcement as “the new FCPA.”[1]  Moreover, all of the above was true before Hamas’ attack on Israel and the escalation of violence in the Middle East, which increases the importance of sanctions targeting Hamas, Hezbollah, Iran and other adversaries of the U.S. based in the Middle East.

On Nov. 6, 2023, the U.S. Department of Health and Human Services Office of Inspector General (OIG) issued its General Compliance Program Guidance for healthcare providers and other industry stakeholders. The guidance follows OIG’s previous announcement about a modernization initiative and signifies a major update to OIG’s prior approach to providing guidance on effective compliance

RELATED UPDATE: Deputy Attorney General Monaco Announces New DOJ Whistleblower Program (March 8, 2024)

As of January 1, 2024, the Corporate Transparency Act (“CTA”) has gone into effect. Companies that may be Reporting Companies of Beneficial Ownership Information (“BOI”) should be aware of three key aspects of the CTA.

  • One, entities formed on or after January 1, 2024 must file, within 90 days after formation or registration, their required BOI with the Financial Crimes Enforcement Network (“FinCEN”). McGuireWoods has published prior alerts on the CTA generally, the use of FinCEN identifiers to report BOI, and FinCEN’s extension of the time to file from 30 to 90 days. As a reminder, Reporting Companies in existence prior to January 1, 2024 have until January 1, 2025 to make their required reports. FinCEN has published guidance materials to facilitate understanding the BOI reporting requirements, which include a Small Business Compliance Guide, FAQs, and other resource materials. These are available on FinCEN’s website. FinCEN plans to continue developing guidance and other materials to ensure timely, accurate, and complete reporting. FinCEN also established a dedicated BOI contact center to respond to questions regarding reporting requirements, as well as to provide technical assistance to users encountering issues with its Beneficial Ownership Secure System (“BOSS”).
  • Two, FinCEN met its January 1, 2024 deadline to have the BOSS up and running to receive, store, and maintain BOI.
  • Three, FinCEN adopted a new regulation that addresses how FinCEN will regulate access to the BOI reported to FinCEN. While the new access rule takes effect on February 20, 2024, access will be phased in over time to ensure that the proper controls are in place to, among other things, ensure the security of the reported information.

This past summer, in United States v. Booker, a North Carolina district court ruled against a challenge to the constitutionality of Congress’s delegation of authority to promulgate safe harbors to the Anti-Kickback Statute (AKS). In filing a motion for acquittal, Defendant Donald Booker argued the AKS “Safe Harbor Provision,” which grants the Secretary of Health and Human Services (HHS) the authority to exempt certain conduct from the “illegal remuneration” prohibitions of the AKS, violates the nondelegation doctrine. While Booker’s argument may appear paradoxical as, if successful, he would be prosecuted under the AKS without the protection of this safe harbor, the case raises an interesting example of a constitutional challenge to the AKS, which we may see more to come directly or with the FCA in the new year.