White-Collar Enforcement Trends and Update – Texas

Texas companies and executives face increasing risks in an environment of active white-collar enforcement at the state and federal level. In Texas, white-collar enforcement is carried out through a combination of state authorities led by the Texas Office of the Attorney General (OAG) and, at the federal level, the Department of Justice (DOJ), as well as a host of other agencies. With more Fortune 500 companies headquartered in Texas than any other state, and with continued corporate migration to the state, Texas companies stand to be particularly impacted by federal and state white-collar developments.

During the past year, the DOJ has prioritised white-collar enforcement actions, including obtaining convictions against the CEOs of the world’s two largest cryptocurrency platforms – FTX and Binance – and dozens of executives across an array of industries. Texas, as an emerging hub for cryptocurrency mining, stands to be particularly impacted by industry developments. Other regulators and agencies, such as the Securities & Exchange Commission (SEC), Commodity Futures Trading Commission (CFTC), and the Internal Revenue Service (IRS), among others, have also played key supporting roles in the federal government’s enforcement of white-collar laws.

For its part, the DOJ prioritised individual accountability for corporate misconduct and has increasingly used a mix of carrots and sticks to promote responsible corporate citizenship. It has built on existing task forces that cut across multiple agencies, as well as fostered co-operation and deterrence through a focus on corporate compliance, whistle-blower protections, and expanded voluntary self-disclosure initiatives. It has also taken notable steps to combat threats from disruptive technologies, such as artificial intelligence.

At the state level, the OAG has prioritised, among other areas, the enforcement of election integrity laws, Texas privacy laws, and Medicaid fraud enforcement. Among its more notable accomplishments during 2024, the OAG secured a USD1.4 billion settlement with Meta (formerly known as Facebook) in a suit to enforce the state’s Capture or Use of Biometric Identifier Act, marking the largest settlement ever obtained from an action brought by a single state as well as the largest privacy settlement ever for an attorney general.

Texas white-collar enforcement, generally

The Texas Office of the Attorney General plays an important role in setting the state’s white-collar enforcement priorities. The OAG enforces an array of white-collar laws, including policing Medicaid fraud, civil consumer protection and antitrust violations. The OAG’s White-Collar Crime and Public Integrity Section oversees election law violations, fraud and cybercrimes. Its Special Investigations Unit investigates white-collar crimes, including money laundering, public integrity violations, election fraud and transnational organised crime. In addition, the OAG’s Tax Litigation Division defends the Texas Workforce Commission’s unemployment fraud decisions as well as the Texas Comptroller’s tax fraud penalty assessments.

Texas Medicaid fraud

The Texas Office of Attorney General, Medicaid Fraud Control Unit (MFCU) investigates Medicaid provider fraud. During fiscal year 2023, the MFCU brought charges against 79 defendants and imposed over USD51 million in fines and restitution.

The OAG’s Civil Medicaid Fraud Division (CMF) investigates Medicaid violations and prosecutes civil claims. During fiscal year 2023, the CMF recovered in excess of USD151 million related to Medicaid fraud and successfully maintained several civil actions, including civil actions against Shire OLC; Baxter International, Inc.; Baxalta Incorporated; Viorpharma Inc.; Takeda Pharmaceuticals U.S.A., Inc.; and Takeda Pharmaceuticals America, yielding a total recovery in excess of USD42 million.

The CMF is currently engaged in several ongoing, high-profile cases, including against drug manufacturers Pfizer, Inc.; Tris Pharma, Inc.; and Tris CEO, Ketan Mehta. The CMF is also engaged in ongoing litigation with drug manufacturer Gilead Sciences, Inc. for misrepresentations to Texas Medicaid and an appeal involving a dental provider after the OAG obtained a USD16 million jury verdict based on allegations of misrepresentations to Texas Medicaid.

Texas election laws

The Office of the Attorney General has prioritised the prosecution of election fraud, a development that is particularly relevant in an election year. Chapter 273 of the Texas Election Code gives the OAG authority to investigate election code violations throughout Texas. The OAG has carried out sweeping investigations into so-called “vote harvesting” schemes. During 2024, however, a federal district court struck down a key provision in Senate Bill 1, a Texas election integrity law and issued an injunction prohibiting the OAG from opening investigations into other potential violations. But the OAG obtained a stay of the injunction from the Fifth Circuit, allowing continued enforcement.

Texas privacy laws

The new Texas Data Protection and Security Act (TDPSA) took effect on 1 July 2024. Shortly thereafter, the Texas Attorney General announced the formation of a new unit, housed within the Consumer Protection Division of the OAG and focused on the enforcement of Texas privacy laws.

The OAG’s data privacy team has prioritised the enforcement of Texas’s privacy protection laws, including the Data Privacy and Security Act, the Identify Theft Enforcement and Protection Act, the Data Broker Law, the Biometric Identifier Act, the Deceptive Trade Practices Act and federal laws including the Children’s Online Privacy Protection Act (COPPA) and the Health Insurance Portability and Accountability Act (HIPAA).

During 2024, the OAG secured a USD1.4 billion settlement with Meta (formerly known as Facebook) to stop the company’s practice of capturing and using the personal biometric data of millions of Texans without authorisation. The settlement was the largest ever obtained from an action brought by a single state and is the largest privacy settlement ever for an Attorney General. The suit was the first lawsuit brought under Texas’s “Capture or Use of Biometric Identifier” Act.

Overarching white-collar trends affecting Texas

The federal government has bolstered its efforts to identify and prosecute white-collar crime in recent years and it built upon that progress in 2024 – trends that will impact Texas. These efforts have been carried out through the expansion of several “tools,” including the use of specialised task forces and the prioritisation of corporate self-disclosure initiatives and corporate compliance.

Specialised task forces

The government has increased the use of specialised task forces in recent years. Several notable task forces involved in white-collar enforcement are highlighted below.

I) The COVID-19 Fraud Enforcement Task Force

The COVID-19 Fraud Enforcement Task Force (CFETF) was formed in the aftermath of the COVID-19 pandemic. The task force is charged with identifying, investigating, and prosecuting fraud with respect to economic aid programmes intended to help those negatively impacted by the COVID-19 pandemic, including programmes such as the Paycheck Protection Program (PPP), Economic Injury Disaster Loans (EIDL), Restaurant Revitalization Funds (RRF), Shuttered Venue Operator Grants (SVOG), State and Local Fiscal Recovery Funds (SLFRF), Coronavirus Farm Assistance Program (CFAP), Emergency Rental Assistance Program (ERAP) and Unemployment Insurance (UI). Despite its short history, the CFETF has charged more than 3,500 defendants, seized or forfeited over USD1.4 billion in COVID-19 relief funds, and filed more than 400 civil lawsuits resulting in court judgements and settlements of over USD100 million, underscoring the level of fraud related to COVID-19 and ongoing enforcement actions related to it.

II) The Health Care Fraud Prevention and Enforcement and Action Team

The Health Care Fraud Prevention and Enforcement Action Team (HEAT) is a joint initiative between the Department of Health and Human Services, the Office of the Inspector General, and the DOJ. It has played a critical role in combatting health care fraud. A key component of HEAT is the Medicare Fraud Strike Force – an interagency task force that targets emerging health care fraud schemes. In July of 2024, the DOJ announced charges against nearly 200 defendants with committing over USD2.7 billion in health care fraud, signalling that health care fraud remains an active enforcement priority.

III) The National Cryptocurrency Enforcement Team

Created in 2021, the National Cryptocurrency Enforcement Team (NCET) was established to meet the challenges posed by the criminal misuse of cryptocurrencies and digital assets. The NCET is comprised of attorneys from across the DOJ, including prosecutors with backgrounds in cryptocurrency, cybercrime, money laundering and forfeiture. In 2023, the NCET was merged into the Computer Crime and Intellectual Property Section (CCIPS) in an attempt to consolidate the DOJ’s expertise in cybercrime. The NCET is charged with identifying, investigating, and supporting cases involving digital assets, with a particular focus on virtual currency exchanges, mixing and tumbling services, infrastructure providers and other entities that enable the misuse of cryptocurrency and related technologies.

IV) The Disruptive Technology Strike Force

On 16 February 2023, the Departments of Justice and Commerce, alongside the Federal Bureau of Investigation and Homeland Security Investigations, launched the Disruptive Technology Strike Force in an effort to protect advanced technology from being unlawfully acquired by foreign adversaries. In its first year of existence, the strike force charged more than a dozen cases involving sanctions and export control violations and other offences related to the unlawful transfer of sensitive information, goods and military-grade technology to Russia, China or Iran.

Among other areas, the strike force maintains a focus on investigating and prosecuting criminal violations of export laws and on using advanced data analytics and intelligence to develop and build investigations.

Corporate compliance

A second overarching theme in the white-collar enforcement space that will impact Texas companies and executives is the DOJ’s focus on fostering corporate compliance.

In September of 2024, the Department of Justice updated its Evaluation of Corporate Compliance Programs (ECCP) guidance. The ECCP establishes factors that the DOJ will consider in conducting an investigation of a corporation, determining whether to bring charges, and negotiating pleas or other agreements. Under the guidance, companies with strong corporate compliance programmes and internal controls systems are more likely to receive favourable outcomes in a dispute with the DOJ.

Several of the DOJ’s revisions to the ECCP shed particular light on its current priorities and provide guidance for companies in developing compliance programmes. The following are among the notable additions to the updated ECCP:

• Risks related to new technology such as artificial intelligence – The updated ECCP sets out criteria to evaluate the technology that a company utilises, whether the company has conducted a risk assessment of the use of that technology, and whether the company has taken appropriate steps to mitigate risks associated with the use of that technology.
• Whistle-blower protection – The updated ECCP establishes an expectation that companies will take proactive measures to protect and incentivise whistle-blowers and the anonymous or confidential reporting of allegations of a breach of the company’s code of conduct, company policies, or suspected or actual misconduct. Under the ECCP, confidential reporting mechanisms are highly probative in DOJ’s evaluation of whether a company has established corporate governance mechanisms that can effectively detect and prevent misconduct.
• Mergers and acquisitions and compliance programmes – The updated ECCP emphasises the importance of incorporating M&A due diligence into the company’s compliance programme, including providing for comprehensive due diligence of any acquisition targets, as well as a process for the timely and orderly integration of the acquired entity into existing compliance programme structures and internal controls.

Voluntary self-disclosures

In conjunction with its focus on corporate compliance programmes and a focus on evolving threats, the DOJ has deployed several initiatives intended to encourage and reward voluntary self-disclosure of misconduct – disclosure initiatives aimed at both individuals and companies, as well as programmes focussing on M&A disclosures and compensation claw-backs. Texas companies and executives may be impacted by such developments.

I) Voluntary self-disclosure for individuals

During 2024, the DOJ launched a new pilot programme for voluntary self-disclosure for individuals designed to encourage voluntary self-disclosure by individual participants in certain types of criminal conduct involving corporations. Under the pilot programme, in exchange for self-disclosing; fully co-operating; and paying any applicable victim compensation, restitution, forfeiture, or disgorgement, the DOJ will enter into a non-prosecution agreement (NPA) where certain specified conditions are present.

To qualify for protection under the DOJ’s new voluntary self-disclosure programme for individuals, the reporting individual must disclose original, non-public information relating to at least one of the following areas:

• violations by financial institutions, their insiders, or agents;
• certain violations related to the integrity of financial markets;
• violations related to foreign corruption and bribery by, through, or related to public or private companies, including violations of the Foreign Corrupt Practices Act, violations of the Foreign Extortion Prevention Act, and violations of the money laundering statutes;
• violations related to health care fraud or illegal health care kickbacks committed by or through public companies or private companies with 50 or more employees;
• violations by or through public or private companies with 50 or more employees related to fraud against, or the deception of, the United States in connection with federally funded contracting; or
• violations committed by or through public or private companies related to the payment of bribes or kickbacks to domestic public officials.

II) Voluntary self-disclosure for companies

The DOJ recently implemented new policies with respect to voluntary self-disclosure for companies in an effort to ensure that its policies remain consistent, transparent, and predictable. Under the DOJ’s Voluntary Self Disclosure programme, the DOJ encourages corporations, as part of their compliance programmes, to conduct internal investigations and to self-disclose misconduct.

Under DOJ policy, where a company has voluntarily self-disclosed misconduct, fully co-operated, and timely and appropriately paid all remediation, the DOJ will presumptively decline prosecution of the company, absent aggravating circumstances.

Aggravating circumstances for these purposes include, but are not limited to: involvement by executive management of the company in the misconduct; a significant profit to the company from the misconduct; egregiousness or pervasiveness of the misconduct within the company; or criminal recidivism. However, even where aggravating circumstances are present, under the DOJ’s programme, prosecutors may nonetheless decline prosecution if the company demonstrates that it has met each of the following factors:

• the voluntary self-disclosure was made immediately upon the company becoming aware of the allegation of misconduct;
• at the time of the misconduct and disclosure, the company had an effective compliance programme and system of internal accounting controls, which enabled the identification of the misconduct and led to the company’s voluntary self-disclosure; and
• the company provided extraordinary co-operation and undertook extraordinary remediation.

M&A due diligence and remediation

Beginning in 2023, the DOJ adopted an M&A due diligence and remediation policy that applies to misconduct uncovered in the context of M&A pre- or post-acquisition due diligence. Given the sizeable M&A market in Texas, Texas companies stand to be particularly impacted.

Under the M&A policy, an acquiring entity that meets the following three criteria will receive a presumption of a declination:

• timely disclosure of misconduct uncovered as a result of pre- or post-acquisition M&A due diligence, which generally means within 180 days of the closing date of the transaction;
• timely and full remediation of the misconduct, which generally means within one year of the closing date of the transaction; and
• agreement to pay all disgorgement/forfeiture, and/or restitution/victim compensation payments resulting from the misconduct at issue.

An acquiring company that voluntarily discloses misconduct pursuant to the M&A Policy and otherwise fully co-operates will receive a presumption of a declination, even if aggravating circumstances existed as to the acquired company.

Compensation incentives and claw-back pilot programme

In March of 2023, the DOJ announced a significant policy update: a three-year compensation claw-back pilot programme. The programme consists of two parts: (i) a requirement that the company include criteria related to compliance in its compensation and bonus system, providing clear metrics both to reward compliance-promoting behaviour and to deter misconduct; and (ii) a fine reduction to companies that recoup or withhold compensation from culpable employees and others who had supervisory authority over the employees engaged in the misconduct and knew of, or were wilfully blind to, the misconduct. The fine reduction is equal to the amount of the withheld compensation.

Pandemic-related fraud

During the COVID-19 pandemic, the federal government authorised approximately USD5 trillion in relief funds and programmes. Those programmes included the Paycheck Protection Program (PPP); the Economic Injury Disaster Loan Program (EIDL); and the Federal Pandemic Unemployment Compensation (FPUC), among others. The inspector general of the US Small Business Administration (SBA) estimates that fraudulent disbursements from these programmes potentially exceeded USD200 billion.

As of March of 2024, the Internal Revenue Service’s Criminal Investigation Division reported that it had investigated more than 1,600 tax and money laundering cases related to COVID-19 fraud potentially totalling USD8.9 billion. As of that time, it reported a 98.5% conviction rate; that 795 people had been indicted for alleged crimes related to COVID-19; and that more than 370 individuals had been sentenced to an average of 34 months in federal prison.

The Justice Department’s COVID-19 Fraud Enforcement Task Force (CFETF) reported that it has now charged more than 3,500 defendants, seized or forfeited over USD1.4 billion in stolen COVID-19 relief funds, and filed more than 400 civil lawsuits resulting in court judgements and settlements of over USD100 million. The SBA, for its part, reports that it, working in conjunction with the US Secret Service and other federal agencies, has seized or had returned some USD30 billion of improperly obtained COVID-19 relief funds.

Cryptocurrency

In 2023, the Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) received more than 69,000 complaints from the public regarding financial fraud involving the use of cryptocurrency, such as bitcoin, ether or tether. It estimates that losses during that year with a nexus to cryptocurrency totalled more than USD5.6 billion. Other industry sources have estimated crypto-related fraud to be even more prevalent, with Chainanalysis estimating that illicit blockchain addresses received more than USD24 billion in 2023.

During the past year, the DOJ secured the conviction and sentence of Sam Bankman-Fried, the founder and CEO of FTX, an international cryptocurrency exchange, for an USD8 billion fraud. The DOJ also brought charges against Binance, the world’s largest virtual currency exchange and its founder and CEO, Changpeng Zhao, resulting in some USD4.3 billion in penalties. The Binance penalties were among the largest criminal penalties in history and represent the single largest penalty ever assessed against a money services business.

In an effort to expand its cryptocurrency resources, the DOJ created the NCET, discussed above under III) The National Cryptocurrency Enforcement Team.

Of particular note, in October of 2024, Texas-based Crypto.com brought a suit in federal court against the SEC, alleging that the agency exceeded its authority in asserting jurisdiction over crypto-based assets. The case serves as a harbinger of potential future litigation in the industry and stands to impact Texas, which has become a global hub for the cryptocurrency industry in general and for cryptocurrency mining in particular.

Corporate Whistleblower Awards Pilot Program

In August of 2024, DOJ’s Criminal Division launched a Corporate Whistleblower Awards Pilot Program aimed at uncovering and prosecuting corporate crime. Under this pilot programme, a whistle-blower who provides original and truthful information about corporate misconduct that results in a successful forfeiture may be eligible for an award.

The DOJ, recognising the limited scope of existing whistle-blower programmes – such as those at the SEC, CFTC, IRS, and the Financial Crimes Enforcement Network (FinCEN) – and the limited scope of whistle-blowing incentives through qui tam actions, established a pilot whistle-blower award programme designed to fill existing gaps.

Under the programme, if an individual helps DOJ uncover significant corporate or financial misconduct, the individual may qualify to receive a portion of the resulting forfeiture. The information must relate to one of the following areas:

• certain crimes involving financial institutions, from traditional banks to cryptocurrency businesses;
• foreign corruption involving misconduct by companies;
• domestic corruption involving misconduct by companies; or
• health care fraud schemes involving private insurance plans.

Where information leads to a forfeiture of more than USD1 million in net proceeds, whistle-blowers may receive up to 30% of the first USD100 million in net proceeds forfeited, and up to 5% of any net proceeds forfeited between USD100 million and USD500 million.

Among other eligibility caveats, however, the DOJ’s whistle-blower programme prohibits payments to any whistle-blower who meaningfully participated in the criminal activity they report.

The Corporate Transparency Act

With effect from 1 January 2024, many US companies are now required to report information about their underlying beneficial owners to FinCEN, a bureau of the US Department of the Treasury. In 2021, Congress enacted the Corporate Transparency Act (CTA), which was designed to target illicit finance. The CTA’s sweeping changes, which went into effect in 2024, provide federal authorities with new and enhanced tools to investigate illicit financial transactions.

Under the CTA, certain US entities and foreign entities that are registered to do business in the United States are required to report their beneficial owners to FinCEN. However, many types of entities are exempt from beneficial ownership information reporting requirements, including publicly traded companies, non-profits, and certain large operating companies. Beneficial owners include any individual who directly or indirectly exercises substantial control over a reporting company or owns or controls at least 25% of the ownership interests of a reporting company.

The Foreign Corrupt Practices Act

The Foreign Corrupt Practices Act (FCPA) remains an important consideration for global companies and corporate compliance. As discussed below, federal authorities have continued to prioritise FCPA enforcement.

In the early months of 2024, the DOJ reached several settlements for violations of the FCPA, including matters with penalties of over USD661 million in United States of America v Gunvor S.A. and USD222 million in United States of America v SAP SE. It also prevailed in an FCPA trial relating to an overseas bribery scheme. The SEC, for its part, has also been active, recently imposing sanctions exceeding USD9 million against Deere & Company for violations involving the bribery of Thai officials.

The past year has seen a particular focus on the investigation of FCPA violations perpetrated by commodities traders. For example, on 1 March 2024, Gunover, S.A., a Swiss commodities trading company, pleaded guilty to paying more than USD97 million to intermediaries, knowing that some of the funds would be used to bribe Ecuadorean officials. Gunover acknowledged that bribe payments were routed through banks in the United States using shell companies in Panama and the British Virgin Islands and agreed to pay more than USD661 million to resolve the matter.

Also in March of 2024, the DOJ announced that Trafigura Beheer B.V., an international commodities trading company with its primary operations in Switzerland, pleaded guilty and agreed to pay over USD126 million to resolve an FCPA investigation stemming from bribes to Brazilian government officials to secure business with Brazil’s state-owned and state-controlled oil company, Petróleo Brasileiro S.A.

In addition to recent enforcement actions, other developments may impact the FCPA. For example, the US Supreme Court’s 2024 decision in Snyder v United States may have potential bearing on certain future FCPA cases. In that decision, the Supreme Court held that a federal bribery statute, 18 U.S.C. § 666, drew a distinction between bribes (covered) and gratuities (not covered) in the domestic context – a distinction that will likely be raised in the FCPA context where it is unclear whether a payment is a bribe or gratuity.

Foreign Extortion Prevention Act

On 22 December 2023, the president signed into law the Foreign Extortion Prevention Act (FEPA) as part of the National Defense Authorization Act for Fiscal Year 2024. The FEPA represents a notable expansion in federal anti-corruption laws, taking aim at foreign bribery. While the FCPA targets the “supply side” of foreign bribery, the FEPA fills a gap in the law, criminalising the “demand side” of foreign bribery – prohibiting foreign officials from demanding, seeking, receiving, accepting, or agreeing to receive or accept anything of value from proscribed individuals and entities.

Congressional sponsors of the FEPA emphasised the motivation to level the playing field for companies that conduct business outside of the United States. A FEPA violation carries a maximum sentence of 15 years of imprisonment and a maximum fine of USD250,000 or three times the monetary equivalent of the value of the bribe.

Takeaways

White-collar criminal and regulatory enforcement remain priorities at the state and federal levels in Texas. During the past year, the government has built upon several key tools, including the use of specialised task forces and expanded corporate compliance mechanisms, whistle-blower protections, and voluntary self-disclosure initiatives. It has also continued to focus on pandemic-related fraud and risks presented by disruptive technologies, such as cryptocurrency and artificial intelligence. The Texas OAG demonstrated its prioritisation of, among other areas, the enforcement of election integrity laws, Texas privacy laws and Medicaid fraud enforcement. Companies and executives can expect the DOJ, OAG and regulatory agencies to continue to build on momentum in these areas in the coming year.