One Big Beautiful Bill Act (OBBBA) Expands the Scope of Qualified Small Business Stock (QSBS) Tax Exemption

In recent years, startup founders, angel investors, and venture capital funds alike have benefited from the IRS’s qualified small business stock (“QSBS”) tax exemption rules (the “QSBS Rules”). The QSBS Rules contain a major tax exemption and are intended to incentivize investment in startups and small businesses based in the United States. Following the enactment of the One Big Beautiful Bill Act (the “OBBBA”) on July 4, 2025, the scope of the QSBS Rules has been further expanded on multiple fronts, including both dollar value adjustments to account for inflation and expanded access to the exemption for small businesses and startups.

Summary of Changes

Generally speaking, for shares of stock issued before July 4, 2025, the QSBS Rules enable shareholders of “qualified small businesses” to sell their shares without any taxation on up to $10 million in capital gains if they have held their shares for at least five years. For shares of stock issued after July 4, 2025, the OBBBA will expand the QSBS Rules by:

  • increasing the capital gains cap applicable to the exemption from $10 million to $15 million;
  • increasing the “aggregate gross assets” cap applicable to the business issuing the QSBS from $50 million to $75 million; and
  • replacing the hard, 5-year holding period with a tiered structure that provides (1) a 50% tax exemption at 3 years, (2) a 75% tax exemption at 4 years, and (3) a 100% tax exemption at 5 years from issuance.

Key Takeaways

  • Access to QSBS tax treatment has been significantly expanded by the OBBBA, both in terms of the size of individual tax pay exemptions and the size of corporations that may issue shares of QSBS, making now a great time for founders, angel investors, and venture capital groups to connect with legal and tax advisors and implement a QSBS compliant exit strategy.
  • Corporations who have recently issued equity and whose shares qualify for QSBS treatment or who would be deemed as qualified small businesses under the OBBBA amendments should coordinate with legal and tax advisors to determine whether an issuance or other transaction could provide shareholder access to QSBS tax treatment.

The OBBBA’s New QSBS Rules: An In-Depth Review

The QSBS tax exemption was enacted in 1993 and initially provided a 50% tax exemption on up to $10 million in capital gains for the sale of QSBS. Beginning in 2010, the QSBS exemption was repeatedly expanded by subsequent legislation to ultimately provide a 100% tax exemption for QSBS issued after September 27, 2010. For shares of QSBS issued prior to September 27, 2010, the 50% tax exemption still applies; similarly, for shares of QSBS issued prior to July 4, 2025, the pre-OBBBA QSBS Rules (exclusive of the changes referenced above) will continue to apply.

Tax-Exempt Capital Gains Cap                                         

The pre-OBBBA QSBS Rules set a “per-issuer limitation on [a] taxpayer’s eligible gain”, meaning that the maximum amount of tax-exempt capital gains from the sale of stock of a single qualified small business is $10 million. Notably, the limitation is “per issuer” or issuer specific, so a separate $10 million cap on tax exempt capital gains applies to the sale of the QSBS of different qualified small businesses, even if those capital gains are received by the same taxpayer. Additionally, for married taxpayers filing separately, the capital gains cap is limited to $5 million per spouse.

With the enactment of the OBBBA, the annual tax-exempt capital gains cap applicable to the sale of QSBS acquired after July 4, 2025, has been increased to $15 million. Further, for each tax year after 2026, the tax-exempt capital gains cap of $15 million for the sale of such QSBS will be increased annually to account for inflation.

Qualified Small Business Definition and Aggregate Gross Assets Cap

Because QSBS is stock issued by a “qualified small business”, the definition of qualified small business under the QSBS Rules is particularly meaningful. Under the pre-OBBBA rules, the term “qualified small business” means any U.S. domestic C corporation if the aggregate gross assets of such corporation at all times prior to and immediately following the date of the issuance of any purported shares of QSBS are less than or equal to $50 million. As used in the QSBS Rules, “aggregate gross assets” means the amount of cash and the aggregate adjusted bases of other property held by the purported qualified small business. Notably, the aggregate gross assets of a qualified small business include the assets of any affiliates of the business.

Following the enactment of the OBBBA, a business can now be deemed a qualified small business if it holds aggregate gross assets less than or equal to $75 million. Further, for each tax year after 2026, the aggregate gross assets cap of $75 million will be increased annually to account for inflation.

Holding Periods for QSBS

The pre-OBBBA QSBS Rules require, for any shares of QSBS to be eligible for tax exemption upon sale, that the holder of such shares have acquired those shares at least five years prior to the date of sale. No tax exemption is available under this regime until the completion of the five-year holding period.

Unlike the changes to the tax-exempt capital gains cap and the aggregate gross assets cap which, as described above, primarily constitute increases to dollar values to account for inflation, the OBBBA has made more sweeping changes to the QSBS holding period requirement by replacing the hard 5-year cap with tiered, partial exemptions applicable at to QSBS held between three and five years. While shares of QSBS must still be held for five years to receive 100% tax exempt treatment, the OBBBA has added the following holding periods and exemptions:

Years stock held Percentage of Exemption
3 years 50%
4 years 75%
5 years or more 100%

Material QSBS Rules Not Affected By OBBBA

While the OBBBA has certainly modernized the QSBS Rules to the benefit of founders and startup funding groups, stakeholders should be aware of the several QSBS requirements that remain unchanged:

  • QSBS Acquired Prior to July 4, 2025: For all QSBS issued prior to July 4, 2025, the changes described above are of no affect, and all prior thresholds (including the $10 million tax-exempt capital gains cap, the $50 million aggregate gross assets cap, and the hard 5 year holding period) remain in place;
  • Issuer Must be a C Corporation: For stock to receive QSBS treatment under the QSBS Rules, it must be issued by a corporation taxed as a C corporation. Notably, this means that if a corporation has previously made an S Corp election, its stock will not be eligible for QSBS tax treatment.
  • QSBS Must be Acquired from the Issuer: For stock to receive QSBS treatment under the QSBS Rules, the taxpayer seeking QSBS treatment must have acquired the stock directly from the issuer at the stock’s original issuance. This means that stock will not be eligible for QSBS tax treatment if it was acquired in a secondary sale.
  • Qualified Trade or Business: To constitute a qualified small business, a business must be engaged in a “qualified trade or business,” meaning any trade or business other than:
    • Any trade or business involving the performance of services in the fields of health, law, engineering, architecture, accounting, actuarial science, performing arts, consulting, athletics, financial services, brokerage services, or any trade or business where the principal asset of such trade or business is the reputation or skill of 1 or more of its employees;
    • Any banking, insurance, financing, leasing, investing, or similar business;
    • Any farming business (including the business of raising or harvesting trees);
    • Any business involving the production or extraction of natural deposits, such as mines or wells for the extraction of minerals or gases; and
    • Any business of operating a hotel, motel, restaurant, or similar business.
  • Actively Engaged in Qualified Trade: To constitute a qualified small business, a business must be “actively” engaged in its qualified trade or business, meaning that at least 80% (by value) of the businesses assets must be used for the purpose of conducting the qualified trade or business as describe above.
  • Maximum Portfolio Stock or Investment Securities. To constitute a qualified small business, a business may not hold stock or securities in other corporations that are not subsidiaries of the business and that constitute more than 10% (by value) of the business’s aggregate gross assets. For the purposes of the QSBS Rules, a corporation is a subsidiary if the parent owns more than 50% of the voting power or value of all outstanding stock of such corporation.
  • Maximum Real Estate Investment Holdings: To constitute a qualified small business, a business may not hold real property for investment or otherwise not used for the business’s qualified trade or business that constitutes more than 10% (by value) of the business’s aggregate gross assets.

Ultimately, even as amended by the OBBBA, the QSBS Rules are detailed and specific, and stakeholders should carefully review these rules with legal and tax advisors to ensure that QSBS treatment is afforded to their shares.

SEC Relaxes the Burden of Accredited Investor Verification in Rule 506(c) Offerings with Minimum Investment Thresholds

Raising capital as a startup or private investment fund is never easy – especially when it involves navigating complex securities laws. One of the more powerful tools available is Rule 506(c) of Regulation D, which lets companies publicly market their offerings to investors. This is a game-changer for founders who don’t have a deep network of private investors and funds looking to broaden their investor base. But there’s been one big catch: the requirement to verify that every investor is truly “accredited.”

Under older SEC guidance, this meant startups had to review personal financial documents or pay for letters from CPAs, lawyers, or broker-dealers – something many early-stage founders simply couldn’t afford. That changed on March 12, 2025, when the SEC issued new guidance that gives fundraisers a simpler, more affordable option.

Here’s how it works:

If you set a minimum investment threshold of $200,000 for individuals or $1,000,000 for legal entities, you don’t need to collect tax returns or third-party letters. Instead, you can verify investor status if:

  1. The investor signs a written statement confirming they’re accredited (and cites the applicable rule).
  2. They confirm they’re not borrowing money to make the investment.
  3. You (the issuer) don’t know anything that contradicts what they’re saying.

While the minimum investment thresholds may be high for early-stage startups, this new approach can dramatically reduce legal and compliance costs while allowing issuers to publicly promote their offerings to a wider pool of potential investors.

If you are interested in more information about the SEC’s new guidance, see our in-depth article analyzing these requirements. If you have any questions about this guidance or need help ensuring that your fundraising efforts comply with applicable law, contact us at Wagner Hicks PLLC today.

 

 

Zoom Settles Dispute with Federal Trade Commission Regarding Cyber Security Practices

Cyber security

Earlier this month, the Federal Trade Commission (“FTC”) reached a settlement with Zoom Video Communications, Inc. (“Zoom”) regarding alleged misrepresentations related to its security program.  The FTC alleged that Zoom misled users by “touting that it offered ‘end-to-end, 256-bit encryption’ to secure users’ communications, when in fact it provided a lower level of security.

As part of the settlement, Zoom must (1) ensure that its representations to consumers regarding its privacy and security practices are accurate, and (2) update its security practices with a comprehensive new program that includes vulnerability management, annual documentation of risks and new security safeguards such as multi-factor authentication.

The FTC’s regulatory action against Zoom highlights the need for all businesses to ensure that representations regarding privacy and security practices are accurate and implement enterprise-wide cybersecurity protocols that take the specific risks faced by an organization into account.

NC Business Court Discusses the Limits of Attorney-Client Privilege When Attorneys Wear Multiple Hats

Male lawyer or Counselor working in courtroom have meeting with client are consultation with

Attorneys, and clients, are often guilty of taking the position that any communication involving an attorney is privileged and not subject to disclosure.  The law, of course, is much more nuanced.  In today’s world, where reliance on in-house counsel is expanding, and attorneys are consulted as much for their business advice as their legal advice, questions regarding the extent of attorney-client privilege have become more complex.

 

On November 9, 2020, the North Carolina Business Court issued a very helpful opinion analyzing the extent of attorney-client privilege in scenarios where attorneys serve in multiple roles within an organization.  Chief Judge Bledsoe’s opinion in Buckley LLP v. Series 1 of Oxford Insurance Company NC LLC, 2020 NCBC 81, resolved competing motions to compel, where each side sought to compel documents being withheld by the other on the basis of attorney-client privilege and the work product doctrine.

Overview

Plaintiff Buckley, LLP is a law firm that obtained an insurance policy through Defendant Oxford, which included coverage for the loss of key employees.  One of Buckley’s named partners, Andrew Sandler, retired shortly after the policy went into effect, and Buckley filed a $6 million dollar claim with Oxford under the policy.  Oxford refused to pay the claim, arguing that certain exclusions in the policy apply.  Significantly, Oxford contended that Buckley failed to inform Oxford of material facts regarding Sandler prior to the policy taking effect.  Prior to the date of the policy, Buckley had already received allegations of misconduct by Sandler and retained the law firm of Latham & Watkins to investigate the misconduct allegations.  Sandler negotiated a retirement agreement with Buckley rather than participate in the investigation and left Buckley shortly after the policy took effect.

In discovery, Buckley sought Oxford’s internal communications and documents related to its investigation of Buckley’s claim.  Oxford’s general counsel was a member of the team that reviewed Buckley’s claim, and Oxford withheld many of those documents involving its general counsel on the basis of attorney-client privilege.  Similarly, Oxford sought discovery of Buckley’s documents and communications with Latham & Watkins regarding the internal investigation of the misconduct allegations.  Buckley refused to produce its communications with Latham & Watkins on the grounds of attorney-client privilege.  Both sides filed competing motions to compel, which the Business Court resolved in a single opinion.  The Business Court ultimately ordered both parties to produce many, but not all, of the documents they were withholding.

Attorney-Client Privilege

Attorney-client privilege only attaches when the communication “is made in the course of giving or seeking legal advice for a proper purpose.”  As a general rule, if an attorney is not acting as a legal advisor when the communication was made—for instance, by providing financial advice or acting as a business advisor—it is not privileged.  In instances where communications contain both legal and business advice, courts will look to the “primary purpose” of the communication.

Applying these principles, the Business Court found that many of Oxford’s general counsel’s communications were not privileged.  The Business Court concluded that Oxford’s general counsel had a substantial role in the company in reviewing and processing claims for payment.  The Business Court noted that some of the general counsel’s communications reflected the primary purpose of providing legal advice, but most showed her engaging in claim review “in the ordinary course of Oxford’s business.”

This “ordinary course of business” analysis also applied to many of Buckley’s communications with Latham & Watkins.  The Business Court noted that materials “created in the ordinary course of business” and “pursuant to company policy” are typically discoverable and not privileged.  The Business Court noted that, in this instance, the internal investigation was required by Buckley’s own firm policies, which weighed heavily in favor of the documents’ disclosure.  The fact that Buckley chose to hire a prominent law firm to conduct the investigation did not automatically extend privilege to all of its communications with Latham.  The Business Court ultimately determined that many of the documents were “unrelated to the rendition of legal services” and ordered their production.

Takeaways

The Business Court’s opinion is a useful reminder that discovery is a broad tool in litigation, and a lawyer’s participation does not always render a document privileged.  Businesses working with attorneys in in-house or business advisory roles should consider the following, when facing questions of what might become public in a protracted litigation:

  • Was the attorney providing legal or business advice?
  • Did the advice require the attorney to use their legal expertise, or simply their business judgment?
  • Is the communication about a particular legal issue, or is it about our company’s ordinary business?
  • Why was this document created? Is it the result of a company policy?

New CFIUS Regulations Add Another Layer of Regulatory Considerations to Transactions Involving Foreign Investors

Earlier this year, new regulations promulgated by the Committee on Foreign Investment in the U.S. (the “CFIUS”) that implement the Foreign Investment Risk Review Modernization Act of 2018 (“FIRRMA”) took effect, strengthening the oversight authority and expanding the jurisdictional reach of the CFIUS.  Although the new CFIUS regulations initially went largely unnoticed by the vast majority of investors, investors are starting to feel the effect of these expanded regulations as they are advised by deal counsel of a need for targeted due diligence and additional representations and warranties related to CFIUS compliance obligations.

CFIUS Regulatory Framework

The CFIUS, which was created by the Defense Production Act of 1950, is tasked with reviewing any transaction “which could result in foreign control of any person engaged in interstate commerce in the United States.”  50 U.S.C. § 2170.  The basic premise of the regulatory scheme is that the CFIUS will review these transactions, assess the potential for impact on national security, and make formal recommendations to the President as to the appropriate mitigating action necessary to protect the national interest.

Recent Changes to CFIUS Regulations

Until recently, the CFIUS’s jurisdiction was limited primarily to acquisitions of U.S. businesses by non-U.S. businesses.  See Ralls Corporation v. Committee on Foreign Investment in the United States, 758 F.3d 296 (D.C. Cir. 2014).  Earlier this year, however, new CFIUS rules permanently expanded CFIUS jurisdiction to include certain “other” investments—namely, non-controlling foreign investments in U.S. businesses involved in certain critical technologies, critical infrastructure, or the personal data of U.S. nationals (referred to as “TID” businesses, for technology, infrastructure, and data). Covered non-controlling investments afford the foreign investor access to material nonpublic technical information or substantive involvement in the U.S. business’s decision-making with respect to the technology, infrastructure, or data.

In sum, the new CFIUS regulations expanded the jurisdiction of regulators to transactions involving U.S. businesses that: (1) produce, design, test, manufacture, fabricate, or develop “critical technologies”; (2) own, operate, manufacture, supply, or service “critical infrastructure”; or (3) maintain or collect “sensitive personal data” of U.S. citizens that may be exploited in a manner that threatens national security.  31 CFR § 800.211.  Thus, even if a transaction will not result in foreign control of a U.S. business, it may still be subject to CFIUS review if it involves a TID U.S. business.

Critical Technology

For purposes of CFIUS regulations, critical technology is defined as follows:

(a) Defense articles or defense services included on the United States Munitions List (USML) set forth in the International Traffic in Arms Regulations (ITAR) (22 CFR parts 120–130);

(b) Items included on the Commerce Control List (CCL) set forth in Supplement No. 1 to part 774 of the Export Administration Regulations (EAR) (15 CFR parts 730–774), and controlled—

(1) Pursuant to multilateral regimes, including for reasons relating to national security, chemical and biological weapons proliferation, nuclear nonproliferation, or missile technology; or

(2) For reasons relating to regional stability or surreptitious listening;

(c) Specially designed and prepared nuclear equipment, parts and components, materials, software, and technology covered by 10 CFR part 810 (relating to assistance to foreign atomic energy activities);

(d) Nuclear facilities, equipment, and material covered by 10 CFR part 110 (relating to export and import of nuclear equipment and material);

(e) Select agents and toxins covered by 7 CFR part 331, 9 CFR part 121, or 42 CFR part 73; and

(f) Emerging and foundational technologies controlled under section 1758 of the Export Control Reform Act of 2018 (50 U.S.C. 4817).

31 C.F.R. § 800.215.  The nuances of each of these critical technologies should be carefully considered when engaging in a transaction involving foreign investors.

Sensitive Personal Data

The CFIUS also may review certain transactions involving U.S. businesses that maintain or collect sensitive personal data of U.S. citizens that may be exploited in a manner that threatens national security. “Sensitive personal data” is defined to include ten categories of data maintained or collected by U.S. businesses that (i) target or tailor products or services to certain populations, including U.S. military members and employees of federal agencies with national security responsibilities, (ii) collect or maintain such data on at least one million individuals, or (iii) have a demonstrated business objective to maintain or collect such data on greater than one million individuals and such data is an integrated part of the U.S. business’s primary products or services. The categories of data include types of (1) financial (e.g., bank account statements, credit applications, payment history, credit reports, credit scores); (2) geolocation, (3) health data (similar to HIPPA’s definition of non-public health information), (4) e-mail communications, (5) chat or other similar communications, (6) biometrics, and (7) information regarding government contractors.  See 31 C.F.R. § 800.241.

While this may seem like an unreasonable burden, the administrative record includes policy statements that inject some degree of restraint into the definition of sensitive personal data.  84 FR 50177.  More specifically, the ancillary information published in the federal register provides the following:

Given that most companies collect some type of data on individuals, the proposed rule protects national security while attempting to minimize any chilling effect on beneficial foreign investment by focusing on the sensitivity of the data itself, as well as the sensitivity of the population about whom the data is maintained or collected. In particular, the proposed rule identifies specific categories of data that constitute sensitive personal data only if the U.S. business (a) targets or tailors its products or services to sensitive U.S. Government personnel or contractors, (b) maintains or collects such data on greater than one million individuals, or (c) has a demonstrated business objective to maintain or collect such data on greater than one million individuals and such data is an integrated part of the U.S. business’s primary products or services. The proposed definition also includes all genetic information and generally carves out data pertaining to a U.S. business’s own employees.

Id. at 50177-78 (emphasis added).

It is also of note that the information collected does not qualify unless it includes “identifiable data.”  31 C.F.R. § 800.239.  Based on the administrative record, it is clear that regulators wanted businesses to use common sense in assessing whether data constituted “identifiable data” by including the following as part of the administrative record:

In some cases, a U.S. business may maintain or collect the data described in § 800.241(a)(1)(ii)(A)-(J), but it is not possible to attribute such data to any specific individual. For example, a U.S. business may store health records on its servers, but those records are encrypted such that only a third party in possession of the encryption key can read the data. The U.S. business in these circumstances would not be maintaining or collecting sensitive personal data. The proposed rule makes clear, however, that identifiable data is not limited to data that includes an individual’s name or other obvious identifier, but rather includes any personal identifier, as defined in § 800.239.

84 FR 50178 (emphasis added).  Thus, if the information is encrypted or otherwise anonymized, it will not qualify as identifiable dataSee 31 C.F.R. § 800.202 (“The term anonymized data means data from which all personal identifiers have been completely removed.”).

Mandatory Filings

Another significant change in the review regime is the introduction of mandatory filings for certain transactions. Historically, all filings made to the CFIUS were submitted on a voluntary basis. However, FIRRMA introduces, and the new regulations implement, the concept of mandatory filings. Despite this, the process remains mostly based on voluntary filings, with a relatively small number of transactions requiring a mandatory filing, namely, (i) a substantial foreign government investment in a TID U.S. business, or (ii) controlling or non-controlling investments in critical technologies within the scope of the CFIUS Pilot Program on critical technologies.

  • A substantial foreign government investment in a TID business. Under the new regulations, there is a substantial interest if a foreign person obtains 25 percent or more voting interest in the TID business, and a foreign government owns 49 percent or more of the foreign person. FIRRMA §1705(v)(IV)(bb)(AA); 31 CFR §800.244;
  • CFIUS Pilot Program on critical technologies of Nov. 10, 2018. Controlling or non-controlling investments in U.S. businesses that produce, design, test, manufacture, fabricate or develop one or more critical technologies in one of 27 identified industries – including aviation, defense, semiconductors, telecommunications and biotechnology – are subject to a mandatory filing with CFIUS. The final regulations, for now, will continue to use the same NAICS codes. However, the CFIUS announced that it will issue a notice of proposed rulemaking, perhaps moving away from an industry-based approach for these filing requirements in favor of “export control licensing requirements.” In the meantime, mandatory declarations must be filed 45 days before the close of a transaction.

For either mandatory or voluntary filings, FIRRMA has developed an abbreviated filing process through a declaration, allowing parties to submit basic information to the CFIUS.  FIRRMA §1706(v)(1). These provisions are expanded in the new, final regulations.  31 CFR §800.401.  The declarations should generally not exceed five pages in length, and it is likely that a form will be ultimately designed to increase the ease and usefulness of the process. Although declarations are intended to streamline the process by moving less complex transactions through the CFIUS review process with less administrative burden on the filing companies, filing a declaration may actually increase the processing time: the CFIUS has 30 days to render a decision on a mandatory declaration, but may at that time require a full notice, adding a full review cycle to reach a decision, thereby delaying the overall timing of a mergers and acquisition transaction. This may act as a significant deterrent to the use of this mechanism.

Penalties

FIRRMA directs the CFIUS to impose certain fees on parties who violate the CFIUS review process. Any person who submits a material misstatement or omission in a declaration or notice, or who makes certain other false statements, may be liable for a civil penalty of up to $250,000 per violation.  31 C.F.R. 800.901(a). Any person who fails to comply with the mandatory filing procedures may be liable for a civil penalty of up to $250,000 or the value of the transaction, whichever is greater.  31 C.F.R. 800.901(b).  Furthermore, any person who, after Dec. 22, 2018, intentionally or through gross negligence violates a material provision of a mitigation agreement entered into before Oct. 11, 2018, will also be liable for a civil penalty of up to $250,000 or the value of the transaction.  31 C.F.R. 800.901(c).  Further guidance on penalties is expected in new rules to come from the CFIUS.

Conclusion

FIRRMA and the recently enacted final regulations make a variety of sweeping changes to the CFIUS process that will certainly bring more transactions under the scope of CFIUS review.  These changes were implemented in response to increased national security concerns but were carefully crafted to avoid suppressing foreign direct investment in the United States.  Nevertheless, given the significant penalties associated with violations of CFIUS regulations, it is extremely important that all parties to investment transactions take steps to ensure compliance with CFIUS regulations.

 

Regulators at the CFTC, FinCEN, and SEC Issue a Joint Statement on Activities Involving Digital Assets

On October 11, 2019, the chairman of the U.S. Commodity Futures Trading Commission (“CFTC”), the director of the Financial Crimes  Enforcement Network (“FinCEN”), and the chairman of the U.S. Securities and Exchange Commission (“SEC”) issued a joint statement (the “Joint Statement”) to remind persons and entities engaged in activities involving digital assets of their Anti-Money Laundering Countering the Financing of Terrorism (“AML/CFT”) obligations under the Bank Secrecy Act (“BSA”).

The Joint Statement reminds market participants that the AML/CFT obligations apply to entities the BSA defines as “financial institutions,” such as future commission merchants and introducing brokers obligated to register with the CFTC, money services business as defined by FinCEN, and broker-dealers and mutual funds obligated to register with the SEC. Primarily amongst the AML/CFT obligations is the requirement to develop and implement an effective anti-money laundering program and record keeping and reporting requirements, including requirements for reporting suspicious activity.

The BSA, among other things, requires certain regulated entities, including financial institutions, to develop and implement AML compliance programs reasonably designed to assure and monitor compliance with the BSA and its implementing regulations. At a minimum, a regulated entity’s AML compliance program must include:

  • A system of internal controls to ensure ongoing compliance;
  • Independent testing of AML compliance;
  • Designation of an individual or individuals responsible for managing BSA compliance;
  • A comprehensive training program for appropriate personnel; and
  • A customer identification program.

In recent years, regulators have also made it clear that the AML compliance programs must be tailored to the products offered, customer demographics, and the transaction history. In sum, financial institutions must take a hard look at their individual characteristics and develop an AML program that is reasonably designed to prevent bank customers from using financial systems for illicit purposes. Given the growth of virtual currencies and potential risks associated with the use of virtual currency for illicit purposes, it should come as no surprise that regulators are increasingly focused on ensuring that regulated entities appropriately update their AML/CFT compliance programs to take the risks associated with virtual currency into account.

The Joint Statement makes clear that the regulation of virtual currencies and digital assets in the United States will continue to be developed and overseen by multiple regulatory agencies. To determine which agency’s regulations and obligations thereunder apply, one must look to the nature of the respective digital asset-related activities and the characteristics of the respective digital asset or virtual currency. The Joint Statement includes a warning that the label or terminology used by market participants to describe the respective activity or digital asset will not impact the specific regulatory treatment afforded such activity or asset.

In sum, digital assets present a number of regulatory challenges for covered persons and entities, which will need to develop specific, effective processes in order to satisfy their AML/BSA obligations. In light of these challenges, as well as heightened expectations of government stakeholders, covered persons and entities should review and update existing policies, procedures, and systems to ensure they have the necessary infrastructure to deal with the unique regulatory issues presented by digital assets and currency.

CVC Joint Policy Statement_508 FINAL_0

California Attorney General Releases Proposed CCPA Regulations

Earlier this month, California Attorney General (AG) Xavier Becerra released the draft regulations for the California Consumer Privacy Act (CCPA). The proposed rules, which set forth procedures for businesses covered under the CCPA to follow for compliance, should provide the framework for the final rules and give covered businesses a head start on updating their compliance policies. The rules can be found here.

CMS Proposes Revisions to Stark Law Aimed to Facilitate Value-Based Care

On October 9, 2019, the Centers for Medicare & Medicaid Services (CMS) of the Department of Health and Human Services (HHS) released its long-awaited Proposed Rule (Proposed Rule) updating and clarifying the physician self-referral (Stark Law) regulations, which was published in the Federal Register on October 17, 2019.

CMS’s Proposed Rule was released together with the HHS Office of Inspector General’s (OIG) proposed rule updating the anti-kickback statute and civil monetary penalty law regulations as part of HHS’s Regulatory Sprint to Coordinated Care, which aims to promote value-based care. HHS identified the regulations as they stand now as potential obstacles to value-based purchasing arrangements for providers and suppliers participating in federal health care programs and the commercial sector.  The proposals were launched following a series of HHS Requests for Information soliciting stakeholder feedback on (1) Stark Law burden reduction, (2) AKS and CMP refinements, and (3) reforms to the Health Insurance Portability and Accountability Act.

The proposed changes are delineated in a pair of rules issued by the Centers for Medicare and Medicaid Services (CMS) (proposed rulefact sheet) (Stark Law) and the Office of Inspector General (OIG) (proposed rulefact sheet) (AKS and CMP). The OIG rule also includes a new safe harbor for cybersecurity items, services, and modifications to the existing safe harbor for Electronic Health Records (EHRs).

While these proposed regulatory changes are expansive and relatively complicated, the overall direction of the changes to Stark, AKS, and CMP policies is to provide greater flexibility to providers engaging in value-based purchasing arrangements. The comment window extends through December 31, 2019. Given the potential impact of these proposed changes, there will likely be robust stakeholder feedback with finalization of the changes potentially coming sometime in the middle of 2020.

Delaware Court of Chancery Denies Director’s Motion to Compel Attorney-Client Privileged Documents

In Eric Gilmore v. Turvo, Inc., C.A. No. 2019-0472-JRS, the Delaware Court of Chancery denied a director’s Motion to Compel seeking attorney-client privileged communications between Turvo Inc.’s (“Turvo”) Preferred Directors, officers, or employees and an outside law firm. The general rule in Delaware is that all directors are within the umbrella of privilege between the Board and its counsel and, as a result, a Delaware corporation cannot assert privilege to deny a director access to legal advice furnished to the board during the director’s tenure. The communications in question took place before the Board meeting where the Preferred Directors removed plaintiff as CEO and retained the outside law firm as counsel to the Board. Plaintiff argued that, even though the Board had longstanding counsel, the outside law firm’s advice was being furnished to the Board prior to the formal engagement of the outside law firm by Turvo and therefore Plaintiff was entitled to the communications. The Court disagreed, holding that there was no basis to conclude that outside counsel had been retained by the Board before the meeting because there had been no act by the Board to hire the firm before the meeting. The Court found that any advice provided by outside counsel prior to being engaged by Turvo was in connection with its representation of one specific Preferred Stockholder of Turvo and the director it had appointed. As a result, Plaintiff was an outsider to the relationship and had no right to pierce it.

The Court’s ruling is a reminder to Delaware corporations of the weight the Court of Chancery will place on Board actions and engagement formalities in determining the availability of privilege in Board communications.

A link to the full case is below.

Gilmore v Turvo

Attorney Sean C. Wagner Gives Presentation in Washington, D.C. on Corporate Formation, Organization, and Governance Issues to Healthcare Industry Entrepreneurs

Wagner Hicks attorney Sean C. Wagner recently presented to a group of healthcare industry entrepreneurs at an event in Washington, D.C., during which he led a discussion on the importance of corporate formation, organization, and governance. During his presentation, Mr. Wagner highlighted common, preventable reasons for partnership disputes and the potentially disastrous consequences these disputes can have on otherwise successful businesses.

Wagner Hicks is a leader in providing comprehensive, proactive advice to businesses of all sizes and industries, including healthcare practices across the country, in matters involving shareholder disputes and derivative litigation, corporate governance, and other related matters.

Instagram: wagnerhicks.law
Facebook: @wagnerhicks.law
LinkedIn: https://www.linkedin.com/company/wagner-hicks-pllc