Alston & Bird Consumer Finance Blog

Uncategorized

Labor & Employment Advisory | Employment Laws Coming to California in 2026

By ,

Originally published November 11, 2025 (source).

Executive Summary

As the end of 2025 approaches, our Labor & Employment Group highlights and summarizes new employment laws taking effect in California beginning in 2026.

  • Notice and reporting requirements for workers’ rights, Cal-WARN notices, and data breaches will be updated
  • The state labor board will step in when the National Labor Relations Board “expressly or impliedly ceded jurisdiction,” though litigation may derail the state law
  • Rehire and retention protections for workers stemming from the COVID-19 pandemic have been extended to 2027

The new year will bring new employment laws to California’s books. Employers should be aware of these new laws to ensure compliance in the coming year and beyond.

Pay Equity

Equal Pay Act Reforms – SB 642

An amendment to California’s Equal Pay Act, SB 642 expands the definition of wages to include benefits and non-salary compensation, extends the statute of limitations and recovery period for pay equity violations, and adds protections for nonbinary employees. Taking effect January 1, 2026, the law also imposes stricter pay scale requirements in job postings to promote greater pay transparency and prevent employers from undercutting the requirement with speculative pay ranges.

For a more in-depth analysis on changes to California’s pay equity protections, see here.

New Pay Data Reporting Requirements and Mandatory Penalties – SB 464

Starting January 1, 2027, employers with 100 or more employees and are required to submit annual demographic pay data reports to the Civil Rights Department (CRD) will now have to do so for 23 specified job categories—up from 10.

Current law allows courts to impose civil penalties on employers that fail to comply with pay data reporting requirements. Under the new law, these penalties are mandatory upon request by the CRD.

Notice and Reporting Requirements

Know Your Rights Act for California Workplaces – SB 294

Under the new Workplace Know Your Rights Act, on or before February 1, 2026, and annually thereafter, employers must provide written notice to all employees of various labor rights, including rights to workers’ compensation benefits, constitutional rights when interacting with law enforcement in the workplace, and protection against unfair immigration-related practices such as notice of immigration inspections. The labor commissioner is tasked with publishing a compliant notice on or before the first of the year.

Employers must also notify an employee’s designated emergency contact if the employee is arrested or detained on the worksite or while performing job duties.

Penalties include up to $500 per employee for failing to provide Workplace Know Your Rights notices and a daily $500 penalty, capped at $10,000, for not notifying emergency contacts of an arrest or detainment.

Updated Cal-WARN Notice Requirements – SB 617

California’s Worker Adjustment and Retraining Notification (Cal-WARN) notices for mass layoffs, terminations, or relocations must also include information on CalFresh food assistance programs and any workforce development boards or entities the employer will coordinate services through, starting January 1, 2026.

For a more in-depth analysis on the new Cal-WARN notice requirements, see here.

New 30-Day Data Breach Disclosure – SB 446

Starting January 1, 2026, businesses must notify consumers of data breaches within 30 days of discovery or notification of the breach and disclose large data breaches affecting more than 500 California residents to the state attorney general within 15 days. While SB 446 replaces the current flexible timelines with a strict 30-day breach notification rule, exceptions apply for legitimate law enforcement needs or as necessary to determine the scope of the breach and restore the reasonable integrity of the data system.

Signed into law this October, businesses have only a few months to review and update incident response and notification procedures to comply with the new statutory timeframe.

Wage and Labor Disputes

Expanding the Jurisdiction of California’s Labor Board – AB 288*

As the National Labor Relations Board (NLRB) continues without quorum to decide labor cases before it after President Trump’s firing of Chair Gwynne Wilcox, AB 288 expands the jurisdiction of California’s Public Employment Relations Board (PERB) to covered private sector employees who petition to enforce their rights under the National Labor Relations Act (NLRA).

Set to take effect January 1, 2026 with a phased rollout through January 1, 2027, the law will permit California’s public sector labor agency to investigate and decide labor disputes and alleged unfair practices cases and oversee union elections in the private sector if the NLRB has “expressly or impliedly ceded jurisdiction.”

*Subject to ongoing litigation: On October 15, 2025, just two weeks after AB 288 was signed into law, the NLRB filed a lawsuit against PERB and the State of California alleging AB 288 is unconstitutional and preempted by the NLRA. It is unclear whether AB 288 will survive the NLRB’s attempt to block the law from going into effect next year.

Increased Enforcement of Wage Laws – SB 261

In addition to expanded workplace regulations, employers will also be met with greater penalties for failing to satisfy employee wage judgments. Effective January 1, 2026, employers that fail to pay wage-related judgments within 180 days will face mandatory court costs and attorneys’ fees, penalties up to triple the outstanding judgment amount, and enforcement by public prosecutors permitted to stand in as assignees of employees with unpaid wage judgments.

Employers should audit procedures to resolve unpaid wage judgments within the 180-day satisfaction period to avoid heavy penalties under the new law.

Contracts and Employee Benefits

An End to “Stay or Pay” Contracts – AB 692

AB 692 makes “stay or pay” contracts entered into on or after January 1, 2026 illegal in California. An extension of the prohibition on noncompete contracts, this law prohibits employers from requiring employees to pay certain penalties, fees, or costs if they leave their employment before a set minimum work period. The ban applies to the common use of training-repayment agreement provisions but provides exceptions for separate agreements covering signing bonuses or tuition reimbursements.

Employers should make sure to review employment contracts before the law goes into effect. Violations allow employees to sue for the greater of actual damages or $5,000 plus attorneys’ fees and costs.

Expanded Paid Family Leave for “Designated Persons” – SB 590

Beginning July 1, 2028, workers can take up to eight weeks of paid family leave to care for a designated person, identified under penalty of perjury and attesting to the qualifying relationship.

This law expands eligibility under the existing paid family leave progam to workers who take time off to care for seriously ill “designated persons,” defined as “any care recipient related by blood or whose association with the individual is the equivalent of a family relationship.”

AI Regulation and Extended COVID Protections

Transparency in Frontier AI Act – SB 53

As the first law of its kind, SB 53 attempts to directly regulate the development of artificial intelligence (AI) by establishing mandatory safety incident reporting and requiring large developers of “frontier” AI models to publish and maintain a framework of safety protocols, risk assessment, and management practices. Noncompliance carries civil penalties of up to $1 million per violation.

The oversight and regulation of these large AI models is likely to impact the companies that use them. The law also provides whistleblower protections for employees who report violations or safety threats. Developers are prohibited from enforcing nondisclosure agreements or retaliating against employees who raise these concerns, and they must establish an internal anonymous reporting process.

For a more in-depth analysis on AI litigation and regulatory trends, see here

2027 Extension on Pandemic Worker Recall Rights – AB 858

The rehire and retention protections for certain hospitality and airport service workers laid off for COVID-19-related reasons have been extended until January 1, 2027. Two months before the pandemic worker reinstatement rights were set to expire on December 31, 2025, Governor Gavin Newsom signed this second extension into law on October 3.

If you have any questions, or would like additional information, please contact one of the attorneys on our Labor & Employment team.

You can subscribe to future advisories and other Alston & Bird publications by completing our publications subscription form.

Texas Commercial Sales- Based Financing Law Poses Unique Challenges to Financial Services Industry

By

What Happened?

Following the path of nine other states that have enacted laws to regulate commercial non real estate secured financing, on May 28, 2025, the Texas legislature passed a “commercial sales-based financing” bill, known as House Bill 700[1], and the Governor Greg Abbott signed the bill into law on June 20, 2025. Unlike other state laws that have required providers of commercial financing to make Truth-in-Lending-type disclosures to borrowers, and in some instances, register with state authorities, the Texas legislation caps the cost of “sales-based financing,” which is defined as “a transaction that is repaid by the recipient to the provider of the financing as a percentage of sales or revenue, in which the payment amount may increase or decrease according to the volume of sales made or revenue received by the recipient or according to a fixed payment mechanism that provides for a reconciliation process that adjusts the payment to an amount that is a percentage of sales or revenue.” Most provisions of the law become effective on September 1, 2025, except for the provider and broker registration requirement, discussed below, which takes effect on December 31, 2026.

Why It Matters

Notably, the Texas legislation includes a provision that prohibits sales-based financing providers from establishing a “mechanism for automatically debiting a recipient’s deposit account” unless the provider obtains and perfects a security interest in the recipient’s account with “first priority” against the claims of “all other persons.” As a practical matter, no provider is likely to meet this standard. Under the Uniform Commercial Code, a security interest in a deposit account can only be perfected by entering into a deposit account control agreement with the bank at which the account is maintained. These control agreements typically provide a creditor with lien priority against the claims of other secured creditors, but not against the claims of the bank itself. Because the claims of the bank will be superior to the claims of the sales-based financing provider, no provider would be able to satisfy the Texas requirement that the provider’s interest have priority against the claims of “all other persons.” This requirement is significant because most sales-based financing transactions require payment via automated clearing house (ACH) debit entries to the recipient’s deposit account. It is unclear whether providers will be able to devise alternative payment methods or whether such alternative payment methods will negatively impact the performance of sales-based finance transactions.

Further, the legislation amends Texas law to exclude “sales-based financing” from Texas’s usury exemption. Under the new legislation, fees and charges paid or charged under a “sales-based financing” transaction count as interest under state usury law, regardless of the amount financed. However, the legislation does not require disclosure of an APR or interest rate, and it is not clear how the interest rate of a “sales-based financing transaction” would be determined for usury purposes.

The Texas legislation requires providers who extend specific offers of commercial “sales-based financing” of less than $1,000,000 to disclose to Texas-based recipients, among other things, (1) the total amount of the financing; (2) the disbursement amount; (3) the finance charge; (4) the total repayment amount; and (5) the estimated period for the periodic payments to equal the total repayment amount under the terms of the financing.

The legislation requires financers (i.e., “providers”) and brokers of “sales-based financing” transactions to register with the Texas Office of Consumer Credit Commissioner and to renew their registrations annually by January 31. The legislation exempts from its requirements banks (specifically including out-of-state banks) and their subsidiaries and affiliates, certain companies that provide tech services to exempt entities, lenders regulated under the Farm Credit Act, real property secured sales-based financing, true (operating) leases, and certain a commercial sales-based financing agreement or commercial open-end credit plan of $50,000 or more.

Again, most provisions of the law become effective on September 1, 2025, except for the provider and broker registration requirement, which takes effect on December 31, 2026.

A person who violates the law would be subject to a civil penalty of $10,000 for each violation, but the legislation does not authorize a private right action for violations arising under the law.

What To Do Now

The Texas legislation, while part of a growing trend of augmented state regulation of commercial non real estate secured lending, is far more burdensome than other similar state laws enacted to date, and at first blush, absent an exemption, may render it extremely difficult, if not impossible, to conduct sales-based financing in Texas. Only time will tell whether lenders can devise alternative financing methods that are not ensnared by the legislation or whether the legislature amends the law.

[1] https://legiscan.com/TX/text/HB700/2025

 

President’s Working Group Declares a New Era for Digital Assets

By

What Happened?

On July 30, 2025, the President’s Working Group on Digital Asset Markets released a comprehensive Digital Assets Report, outlining a national strategy for cryptocurrency and blockchain. Declaring a departure from the prior Administration’s approach, the report recommends that regulators adopt pro-innovation rules toward digital assets and blockchain technology. It addresses market structure, banking, payments, stablecoins, taxation, and anti-money-laundering (AML) measures.

The Working Group was established in the President’s January Executive Order, Strengthening American Leadership in Digital Financial Technology, which declared support for the responsible growth and use of digital assets, blockchain technologies, and related technologies across all sectors of the economy.

Why Is It Important?

The report marks a significant shift in U.S. policy, and it is designed to position the United States as a global leader in digital finance. It outlines lawful digital asset use, including self-custody rights, and promotes U.S. dollar-pegged stablecoins to strengthen dollar dominance globally (while rejecting a U.S. central bank digital currency). The recommended framework includes tools that include safe harbors, innovation exemptions, and updated tax and banking rules.

On July 31, 2025, SEC Chair Paul Atkins amplified the report’s significance in a speech, American Leadership in the Digital Finance Revolution, calling it a “blueprint to make America first in blockchain and crypto technology.” He characterized the potential of digital asset technology as a new area in the history of financial markets and said that regulatory clarity could unleash unprecedented capital formation and consumer choice.

What To Do Now?

The regulatory tide has clearly shifted for companies who wish to explore or engage in the digital asset ecosystem. As always, sound compliance and governance structures will be key as regulatory expectations evolve. Additionally, engaging with regulators and industry groups to craft safe harbors and sandbox programs will be crucial to ensure alignment with evolving regulatory approaches for AML, banking, tax, and digital identity standards.

Privacy, Cyber & Data Strategy / White Collar, Government & Internal Investigations Advisory | GENIUS Act Establishes Federal Regulatory Oversight of Global Stablecoin Industry

By , ,

Executive Summary
8 Minute Read

Our Privacy, Cyber & Data Strategy and White Collar, Government & Internal Investigations Teams examine how the GENIUS Act’s framework for stablecoin issuers will impact the cryptocurrency sector.

  • The Act restricts the issuance of payment stablecoins within the United States to “permitted payment stablecoin issuers” (PPSIs)
  • PPSIs must maintain reserves of high-quality, liquid assets that fully back their outstanding stablecoins on at least a one-to-one basis
  • Regulatory oversight is divided between federal and state authorities, with joint oversight applying when state issuers exceed certain thresholds or opt into federal frameworks

___________________________________________________

On July 17, 2025, during “Crypto Week,” the U.S. House of Representatives passed the landmark Guiding and Establishing National Innovation for U.S. Stablecoins Act (GENIUS Act). Signed into law by President Donald Trump the next day, the GENIUS Act establishes a comprehensive federal framework for the issuance of payment stablecoins, regulation of stablecoin issuers, and both federal and state oversight for stablecoin authorization, audits, and other obligations. Domestic and foreign issuers in the more than $250 billion stablecoin market now have a clear path to securing and maintaining regulatory compliance in the United States.

Demonstrating rare cross-aisle cooperation and a shared interest in modernizing financial regulations to match emerging blockchain and artificial intelligence (AI) technologies, the Act garnered 308 affirmative votes in the House and 68 in the Senate, surpassing the upper chamber’s filibuster threshold. The GENIUS Act addresses Trump’s key campaign and policy promise to bring clarity and control to the digital asset market.

Key Provisions of the GENIUS Act

Effective date

The GENIUS Act takes effect on the earlier of (1) January 18, 2027 (18 months after the date the Act is enacted into law); or (2) 120 days after the primary federal regulators responsible for stablecoins issue their final regulations to implement the Act.

Authorized issuance of stablecoins only

The Act restricts the issuance of payment stablecoins within the United States to only those entities that qualify as “permitted payment stablecoin issuers” (PPSIs). PPSIs must be either U.S.-based issuers authorized under the Act or foreign issuers that are registered and operate under a regulatory framework deemed comparable to the Act by U.S. authorities and are subject to supervision by the Office of the Comptroller of the Currency (OCC).

A domestic PPSI must meet the requirements of one of three main categories: (1) subsidiary of an insured depository institution that has received approval to issue payment stablecoins under Section 5 of the Act; (2) federal qualified payment stablecoin issuers, which encompass nonbank entities (excluding state-qualified issuers) approved by the OCC, uninsured national banks chartered and approved by the OCC, or a foreign bank that does business outside the United States and has opened one or more federally licensed branches or offices in a U.S. state (“federal branch”), approved by the OCC; or (3) state-qualified payment stablecoin issuers, which are entities legally established under state law and approved by a state payment stablecoin regulator, provided they are not an uninsured national bank, federal branch, insured depository institution, or subsidiary of any such entities.

Requirements for issuing stablecoins

PPSIs must maintain reserves that fully back their outstanding stablecoins on at least a one-to-one basis. These reserves must consist of high-quality, liquid assets such as U.S. coins and currency or credit with a Federal Reserve Bank, demand deposits at insured depository institutions, short-term U.S. Treasury securities, and other monetary securities described in Section 4(a)(1) of the GENIUS Act. Any PPSI must publicly disclose its redemption policies and publish monthly reports detailing the composition, average maturity, and custody location of its reserves. A PPSI’s CEO and CFO must certify the accuracy of those monthly reports, and the Act makes knowingly false certifications punishable by up to 10 or 20 years’ imprisonment under 18 U.S.C. § 1350. To ensure reserve quality and transparency, PPSIs are prohibited from pledging, rehypothecating, or reusing reserves except under limited conditions, such as meeting margin obligations for investments in permitted reserves or creating liquidity to redeem payment stablecoins.

Mitigating money laundering and illicit financing risk

The GENIUS Act designates permitted payment stablecoin issuers as “financial institutions” under the Bank Secrecy Act (BSA), requiring them to implement robust compliance programs to prevent money laundering, terrorist financing, sanctions evasion, and other illicit activity. PPSIs must annually certify that they have implemented an effective BSA/AML compliance program. False certifications are punishable by up to five years’ imprisonment. To ensure regulatory parity, the Act’s registration and inspection requirements for foreign issuers effectively subjects them to similar compliance standards when accessing the U.S. market. Issuers must also be technologically capable of assisting with asset freezes, seizures, and turnovers pursuant to lawful orders. The Act further strengthens enforcement by requiring both U.S. and foreign issuers to (1) maintain the technical ability to comply with such orders; and (2) comply with them. Foreign issuers that fail to do so may be designated “noncompliant” by the Treasury, triggering a ban on secondary trading of their stablecoins after 30 days. Violations of that ban carry steep penalties—up to $100,000 per day for digital asset service providers and $1 million per day for foreign issuers.

Regulatory oversight

Regulatory oversight is divided between federal and state authorities, with federal regulators overseeing federally chartered or bank-affiliated issuers, state regulators supervising state-chartered issuers, and joint oversight applying when state issuers exceed certain thresholds or opt into federal frameworks. Regulators are responsible for licensing, examining, and supervising PPSIs to ensure compliance with the Act’s requirements, including reserve backing, redemption policies, and risk management standards.

PPSIs with more than $50 billion in consolidated total outstanding issuance that are not subject to the reporting requirements of the Securities Exchange Act of 1934 are required to prepare an annual financial statement in accordance with generally accepted accounting principles (GAAP) and must disclose any “related party transactions,” as defined under GAAP. A registered public accounting firm must audit the annual financial statement, and the audit must comply with all applicable standards set by the Public Company Accounting Oversight Board. These audited financial statements must also be made publicly available on the PPSI’s website and submitted annually to the PPSI’s primary federal payment stablecoin regulator.

Civil and criminal penalties

Additional civil and criminal penalties are set out throughout the Act. Notably, entities other than PPSIs that issue payment stablecoins in the United States without proper approval may face civil penalties of up to $100,000 per day for violations. Individuals who knowingly issue stablecoins in the United States without being a permitted payment stablecoin issuer face up to five years’ imprisonment and fines up to $1 million for each violation. Additionally, individuals with certain felony convictions are prohibited from serving as officers or directors of a PPSI, and violations of that prohibition can result in imprisonment for up to five years. The Act expressly gives regulators discretion to refer violations of the Act to the Attorney General.

Modernizing anti-money laundering and financial crimes compliance

The GENIUS Act places a strong emphasis on leveraging blockchain technology and AI to modernize the detection of illicit financial activity involving digital assets. The Act mandates that the Secretary of the Treasury initiate a public comment period to gather insights on how regulated financial institutions are using or could use innovative tools—particularly blockchain and AI—to detect money laundering and related crimes. Blockchain technology is highlighted for its potential in transaction monitoring and transparency, especially in tracking digital asset flows and identifying suspicious patterns.

Rulemaking timeline

The Act mandates that all primary federal payment stablecoin regulators, the Secretary of the Treasury, and state payment stablecoin regulators must promulgate regulations to implement the Act within one year of its enactment (July 18, 2026). These regulations must be issued through a notice-and-comment process. Additionally, within 180 days of the Act’s effective date, the OCC, Federal Deposit Insurance Corporation, and Board of Governors of the Federal Reserve System shall submit a report to the Senate Committee on Banking, Housing, and Urban Affairs and the House Committee on Financial Services that confirms and describes the regulations necessary to carry out this Act.

Other Impending Crypto Legislation

The GENIUS Act is momentous for stablecoin issuers, but it does not resolve a number of crypto-native issues, which are the subject of a broader market structure bill known as the Digital Asset Market Clarity Act of 2025 (CLARITY Act). The CLARITY Act passed the House with broad bipartisan support, and a version is currently under Senate consideration. While the GENIUS Act focused narrowly on regulating stablecoin issuers, the CLARITY Act seeks to establish a robust regulatory framework for all digital assets and define the roles of the Securities and Exchange Commission and Commodity Futures Trading Commission in policing the digital asset markets. Most notably, for the first time, the CLARITY Act attempts to classify digital assets based on their characteristics, such as decentralization and blockchain maturity, with a goal of reducing regulatory uncertainty and fostering innovation in the cryptocurrency industry. Senator Tim Scott (R-SC), chair of the Senate Banking Committee, has made several public statements on the timeline for consideration of the CLARITY Act, with committee markup expected in September and full Senate action possible by late fall.

Conclusion

The GENIUS Act establishes a robust framework for the issuance and oversight of payment stablecoins in the United States. It sets clear standards to ensure transparency for the backing of permitted payment stablecoins, and it requires issuers, like traditional financial institutions, to quickly establish robust compliance programs to combat illicit uses of their stablecoins. With its strong bipartisan backing and goals of financial stability, consumer protection, and global competitiveness, the Act could lay the groundwork for a more transparent and trustworthy digital asset ecosystem.

Ransomware Fusion Center

Stay ahead of evolving ransomware threats with Alston & Bird’s Ransomware Fusion Center. Our Privacy, Cyber & Data Strategy Team offers comprehensive resources and expert guidance to help your organization prepare for and respond to ransomware incidents. Visit Alston & Bird’s Ransomware Fusion Center to learn more and access our tools.

Originally published July 24, 2025.

If you have any questions, or would like additional information, please contact one of the attorneys on our Privacy, Cyber & Data Strategy team.

You can subscribe to future advisories and other Alston & Bird publications by completing our publications subscription form.

From Uncertainty to Action: DOJ Rolls Out a New White-Collar Enforcement Playbook

By ,

On May 12, 2025, the head of the U.S. Department of Justice Criminal Division, Matthew Galeotti, announced a new white-collar enforcement plan rooted in three tenets: “focus, fairness, and efficiency.” The new plan includes updates to the Criminal
Division’s Corporate Enforcement Policy, independent compliance monitor selection policy, and whistleblower programs.

In announcing the new plan, Galeotti explained that the DOJ’s Criminal Division “is turning a new page on white-collar and
corporate enforcement,” and despite recent indications of a step back from corporate criminal enforcement by the DOJ, the
plan suggests that such enforcement is certain to continue in many ways that are familiar to companies and counsel. The
plan designates 10 areas of focus for white-collar enforcement: Some are longstanding enforcement priorities, such as health
care fraud, and some are newer initiatives that align with the Trump Administration’s priorities, such as trade and tariff-related enforcement.

Ten Corporate Criminal Enforcement Priorities
The Criminal Division’s plan is directed at “corporate crime in areas that will have the greatest impact in protecting American
citizens and companies and promoting U.S. interests,” and prioritizes 10 “high-impact areas” for investigative and
prosecutorial focus:
1. Fraud, waste, and abuse, including health care fraud and federal program and procurement fraud.
2. Trade and customs fraud, including tariff evasion.
3. Fraud perpetrated through special purpose vehicles or variable interest entities, including securities fraud and market
manipulation.
4. Fraud on U.S. investors, including through Ponzi schemes.
5. National security threats, including threats to the U.S. financial system.
6. Support to terrorist organizations, including designated cartels.
7. Complex money laundering.
8. Violations of the Controlled Substances Act and the Food, Drug, and Cosmetic Act, including illegal distribution of
fentanyl and other drugs.
9. Bribery and associated money laundering.
10. Certain crimes involving digital assets.

In investigating and prosecuting these types of conduct, the Criminal Division further commits to prioritize “schemes involving
senior-level personnel or other culpable actors, demonstrable loss, and efforts to obstruct justice,” and the identification and
seizure of “assets that are the proceeds of, or involved in” such conduct.

Corporate Enforcement Policy Changes
The CEP was introduced in 2016 as a pilot program for the Criminal Division’s Foreign Corrupt Practices Act unit. In 2018, the
policy was extended to “all other corporate matters” handled by the Criminal Division. In 2023, the CEP was revised again to
further incentivize self-disclosure through greater fine discounts. But at the same time, DOJ leadership announced that
non-prosecution agreements (NPAs) and deferred prosecution agreements would be “disfavored” without fast and full
cooperation. (Alston & Bird’s analysis of the CEP changes over time appears in advisories, available here, here, and here).

While this latest CEP update provides more certainty for companies who self-report and credit for “near misses,” it may also
result in the DOJ wielding a bigger stick against companies deemed to fall outside that scope. The revised CEP offers three
categories of potential benefits for companies:

  • To companies that (1) promptly and voluntarily self-disclose potential misconduct; (2) fully cooperate with the DOJ’s
    investigation; and (3) undertake timely and appropriate remediation, the Criminal Division promises a declination of
    enforcement action (provided no “aggravating circumstances” are present), rather than (as before) simply offering a
    presumption of a declination.
  • To companies in the “near miss” category that do not qualify for a declination (due to failure to self-report or the presence
    of aggravating circumstances), the Criminal Division promises an NPA with a term of 3 three years or less (except in
    “exceedingly rare cases”), no monitor, and a 75% fine reduction (calculated from the low end of the applicable U.S.
    Sentencing Guideline range).
  • To companies that fail to satisfy any of the three key criteria – voluntary self-disclosure, full cooperation, and timely and
    appropriate remediation – the Criminal Division caps the available fine reduction at 50% (typically from the low end of the
    applicable guideline range) and does not rule out the possibility of imposing an independent compliance monitor.

In an effort to further clarify these policy changes, the Criminal Division has, for the first time, distilled the CEP into a
flowchart:

Corporate Enforcement Policy flowchart

Whistleblower Program Changes
To reinforce the changes to the CEP, Galeotti directed that the Criminal Division’s Corporate Whistleblower Awards Pilot
Program (covered in an earlier Alston & Bird advisory, available here) be amended to include six additional types of conduct
of interest. These new areas are:
1. Violations by corporations related to cartels and transnational criminal organizations, including money laundering.
2. Violations by corporations of federal immigration law.
3. Violations by corporations involving material support of terrorism.
4. Corporate sanctions offenses.
5. Corporate trade, tariff, and customs fraud.
6. Corporate procurement fraud.

Individuals reporting such conduct must still meet the Corporate Whistleblower Awards Pilot Program criteria. But the
program’s expansion increases corporate risk as companies continue to grapple with the significant implications of the
numerous whistleblower programs launched by the DOJ in 2024 (covered in an Alston & Bird advisory, available here).

Monitor Selection Policy Changes
In his Memorandum on the Selection of Monitors in Criminal Division Matters, Galeotti aims to “clarify[] the factors that
prosecutors must consider when determining whether a monitor is appropriate and how those factors should be applied” and
also emphasizes the need to “appropriately tailor and scope the monitor’s review and mandate.” To accomplish these goals,
the memo lists four criteria prosecutors are to consider when assessing the need for a monitor:
1. The risk of recurrence of criminal conduct that significantly impacts U.S. interests.
2. The availability and efficacy of other independent government oversight.
3. The efficacy of the company’s compliance program and culture of compliance at the time of the resolution.
4. The maturity of the company’s controls and its ability to independently test and update its compliance program.

Based on those criteria, if a prosecutor determines that a monitor is appropriate, then Galeotti’s memo requires prosecutors to
take three specific steps “to ensure [the monitorship] is carried out appropriately”:
1. Close scrutiny and management of costs associated with the monitorship, including a cap on hourly rates, a preliminary
budget, and periodically updated cost estimates.
2. Biannual (at least) “tri-partite” meetings of the government, the company, and the monitor to ensure alignment.
3. Ongoing collaboration among the government, the company, and the monitor, including “an open dialogue” among all
three parties.

This revised and restated DOJ approach to monitors largely mirrors that of the first Trump Administration, during which the
DOJ expressed greater hesitation to impose monitors as part of corporate criminal resolutions. In 2018, the DOJ issued a
memorandum from then Assistant Attorney General Brian Benczkowski (discussed in a prior Alston & Bird advisory, available
here), which instructed that monitors should only be imposed “where there is a demonstrated need for, and clear benefit to be
derived from, a monitorship relative to the projected costs and burdens.” Three years later, however, Biden Administration
Deputy Attorney General Lisa Monaco reversed course and signaled a greater DOJ appetite for the imposition of monitors
(see prior Alston & Bird analysis, available here). It appears the pendulum has now swung back again, with the Criminal
Division resuming something like its prior stance on monitorships and having already terminated certain existing monitorships
early.

Key Takeaways
White-collar enforcement remains a DOJ priority. Since President Trump’s reelection, speculation has swirled about
whether the DOJ would pull back from white-collar criminal enforcement. Various DOJ memoranda and Executive
Orders—most notably the President’s February 10, 2025 order purporting to “pause” DOJ enforcement of the Foreign
Corrupt Practices Act (discussed in a prior Alston & Bird advisory, available here)—have fueled such speculation and
uncertainty. But the Criminal Division’s new plan sends an unmistakable signal: DOJ white-collar enforcement will
continue, and may even expand, as clarified expectations and resource alignment take hold in the coming years.

Broad industry impact. The Criminal Division’s plan distills its white-collar enforcement focus into 10 “high-impact
areas,” which may at first seem to represent a narrowing of the Criminal Division’s focus. However, those areas span
multiple sectors, including health care and life sciences, financial services, investment management, industrials and
manufacturing, natural resources, defense, retail, and others.

The DOJ’s Criminal Division intends to flex its new muscles. Public reports indicate that DOJ leadership plans to
shift certain criminal enforcement responsibilities previously assigned to the Civil Division’s Consumer Protection Branch
to the Criminal Division, and the Criminal Division’s new plan appears to not only reflect that shift—by including as
priorities elder fraud, “fraud that threatens the health and safety of consumers,” and violations of the Food, Drug, and
Cosmetic Act—but to suggest that Criminal Division prosecutors will quickly put these reassigned authorities to use.

More opportunities for whistleblowers. The Criminal Division’s new plan indicates that any speculation that the DOJ
might scale back the Corporate Whistleblower Awards Pilot Program or otherwise express disinterest in whistleblowers is
unfounded. The new plan states that Criminal Division leadership has “reviewed the Criminal Division’s existing pilot
program” and made just one change: expanding the scope of conduct for which whistleblower reports will be
incentivized.

What does the DOJ’s commitment to “efficiency” mean in practice? Galeotti’s remarks in announcing the new
Criminal Division plan highlight potential concerns around DOJ white-collar enforcement: It can be costly, “unchecked,”
“unfocused,” and can drag on for years, unduly disrupting law-abiding businesses. The new plan commits the Criminal
Division to targeted, tailored white-collar enforcement and directs prosecutors to “move expeditiously to investigate
cases and make charging decisions.” But how this commitment will play out remains unclear—whether it will primarily
shape internal decision-making at the DOJ or lead to perceptible outward-facing changes such as more tailored DOJ
expectations and demands of cooperating companies.

A less patient DOJ? As welcome as this increased clarity and focus by the DOJ’s Criminal Division may be, the price of
it for companies likely will be some measure of diminished patience on the part of Criminal Division prosecutors and
supervisors regarding investigative or other delays by subjects and targets of investigations. This raises the stakes for
compliance improvements that will better ensure prompt detection of potentially illegal conduct, skilled and efficient
internal investigations of any such conduct, effective assessment of the all-important self-reporting decision, and adroit
engagement with the government.

Compliance ROI higher than ever. By returning to a more skeptical posture regarding the imposition of independent
compliance monitors, the Criminal Division is offering more of a potential reward than ever to companies that implement
robust compliance programs. Beyond preventing and detecting misconduct, such programs will position companies to
proactively engage with the DOJ and will better position companies to persuade a far more receptive DOJ that a monitor
is unnecessary.

_________________________________________

Originally published May 15, 2025.

Alston & Bird’s White Collar, Government & Internal Investigations team, which is composed of numerous former federal and
state prosecutors and agency staff (including several former DOJ Criminal Division prosecutors), will continue to monitor and
provide updates on the Criminal Division’s implementation of these new policies.

If you have any questions, or would like additional information, please contact one of the attorneys on our White Collar,
Government & Internal Investigations team.

You can subscribe to future advisories and other Alston & Bird publications by completing our publications subscription form.