Regulators are intensifying personal liability for compliance leadership while simultaneously finalizing strict new prohibitions on standard employment contracts and data security protocols.
Good morning. 8 regulatory developments today — one in full below, then 7 more for subscribers.
LEAD STORY — FREE TO READ
The Federal Trade Commission (FTC) has filed a motion for civil contempt in the U.S. District Court for the District of Utah against dietary supplement provider Amare Global Holdings, its CEO, and its former Chief Science Officer, Shawn Talbott. The filing alleges violations of a 2004 permanent injunction that prohibited Talbott and his associates from making unsubstantiated health claims regarding weight loss or disease treatment. This enforcement action follows a separate June 2024 lawsuit against the multilevel marketing firm, which identified at least 15 specific instances where the defendants allegedly marketed products as effective treatments for mental health conditions without competent and reliable scientific evidence.
For legal and compliance teams in the healthcare and dietary supplement sectors, this action underscores the enduring risk of "legacy" consent decrees, which the FTC can enforce decades after their initial issuance. General Counsel must recognize that individual liability extends to executives and "founding brand partners" who facilitate deceptive marketing, even when operating under new corporate entities. Compliance programs must implement rigorous substantiation audits for all health-related claims, as the FTC is increasingly seeking significant monetary judgments and permanent bans on participating in specific industries for repeat offenders. Operational oversight must now include vetting the prior regulatory history of all C-suite hires to identify existing permanent injunctions that could trigger contempt proceedings against the current firm.
Market participants should monitor the court’s ruling on the FTC’s request for a permanent injunction and monetary relief, as a favorable judgment would establish a precedent for the agency’s ability to bypass the limitations of Section 13(b) through contempt motions.
Today’s briefing details critical shifts in enforcement priorities regarding data security protocols, noncompete restrictions, and disclosure obligations for financial advisors. Failure to monitor these evolving regulatory standards and the associated personal liability for compliance leadership could result in significant exposure and operational disruption. Subscribers can access the full analysis of these developments and upcoming comment deadlines below.
The Federal Trade Commission (FTC) has finalized a modified consent order against Illuminate Education Inc. following allegations that the company’s inadequate data security practices led to a 2022 breach affecting millions of students. The enforcement action addresses claims that the educational software provider failed to implement basic safeguards, such as encryption and multi-factor authentication, despite public representations regarding its security posture.
The order mandates that Illuminate implement a comprehensive information security program, including documented risk assessments and third-party audits. Compliance obligations include strict data minimization requirements, the immediate deletion of unnecessary consumer data, and a prohibition against collecting more information than is required for specific educational purposes. This settlement signals heightened FTC scrutiny of the EdTech sector and establishes a baseline for data retention and security protocols that providers must maintain to avoid deceptive practice allegations under the FTC Act.
Regulated entities should monitor the FTC’s increasing use of data minimization mandates in consent decrees as a primary tool for reducing the surface area of potential future breaches.
The Federal Trade Commission (FTC) recently vacated a proposed consent order against Rytr, an AI writing assistant provider, signaling a shift in the agency’s approach to regulating generative AI tools capable of producing deceptive consumer reviews. This action follows a commission vote questioning the nexus between technology providers and the fraudulent content generated by third-party users under Section 5 of the FTC Act.
Legal departments must reconcile this federal pivot with the $42.45 billion Broadband Equity, Access, and Deployment (BEAD) program, which ties infrastructure funding to AI-related cybersecurity standards. Simultaneously, comprehensive state-level AI statutes in Colorado and California necessitate immediate adjustments to governance frameworks to meet varying transparency and impact assessment requirements. These developments require a strategy addressing both sector-specific federal funding conditions and cross-sectoral state mandates for automated decision-making systems.
Stakeholders should monitor the FTC’s forthcoming final rule on fake reviews and the Department of Commerce’s implementation of AI safety benchmarks for federal contractors.
The Federal Trade Commission (FTC) has finalized a consent order against a nationwide security services provider, mandating the immediate rescission of noncompete agreements for thousands of low-wage employees. This enforcement action follows allegations that the employer’s blanket use of restrictive covenants constituted an unfair method of competition under Section 5 of the FTC Act by suppressing wages and obstructing labor mobility.
Legal departments must evaluate existing employment contracts to ensure restrictive covenants are narrowly tailored to protect legitimate business interests rather than serving as industry-wide barriers to entry. The order requires the respondent to provide written notice to all affected current and former employees that their noncompete obligations are null and void. Compliance officers in labor-intensive sectors should anticipate heightened scrutiny of "no-poach" provisions and non-disclosure agreements that function as de facto noncompetes, as the agency continues to prioritize labor market competition through individual enforcement actions.
Market participants should monitor the pending litigation regarding the FTC’s broader final rule banning most noncompete agreements nationwide, which remains subject to federal court challenges.
The Securities and Exchange Commission (SEC) has fined Vanguard and Empower Advisory Group more than $25 million to settle charges involving failures to disclose compensation arrangements for investment advisers. The enforcement actions center on the firms’ failure to provide clear information regarding how advisers were compensated for steering clients toward specific investment products and services, violating the Investment Advisers Act of 1940.
These settlements underscore the SEC’s heightened scrutiny of revenue-sharing and compensation disclosures within the wealth management and retirement plan sectors. Registered investment advisers must ensure that all potential conflicts of interest, particularly those involving financial incentives for product placement, are explicitly detailed in Form ADV filings and client communications. Compliance officers should immediately audit existing disclosure frameworks to verify that third-party payments and internal incentive structures meet the agency’s transparency standards to avoid similar multi-million dollar penalties.
Market participants should monitor the SEC’s upcoming examination priorities for 2025, which are expected to further emphasize the duty of loyalty and the adequacy of conflict-of-interest disclosures across the financial services industry.
The Securities and Exchange Commission (SEC) has imposed fines and suspensions on the Chief Compliance Officer and Deputy CCO of Canaccord Genuity LLC, preceding a $120 million penalty against the firm for systemic anti-money laundering (AML) failures. The enforcement action targets individual accountability for the failure to implement adequate internal controls and suspicious activity reporting protocols required under the Bank Secrecy Act.
This action underscores the heightened personal liability for compliance personnel when institutional failures are deemed persistent or willful. Financial institutions must ensure that AML programs are not merely documented but are operationally integrated with real-time monitoring capabilities to detect high-risk transactions. Legal and compliance teams should review delegation structures and reporting lines to ensure that individual officers possess the necessary authority and resources to address identified deficiencies before they escalate to multi-million dollar settlements.
Market participants should monitor upcoming SEC and FINRA examinations for an increased focus on the personal liability of control function executives in cases of institutional AML negligence.
The Securities and Exchange Commission, in coordination with eight other financial regulators, has issued a final rule establishing joint data standards as mandated by the Financial Data Transparency Act of 2022 (FDTA). This rule defines the technical requirements for data submitted to the SEC, the Federal Reserve, the FDIC, and the OCC, among other agencies, to ensure interoperability and machine-readability across the federal financial regulatory landscape.
Regulated entities must prepare for a transition to standardized, non-proprietary legal entity identifiers and common data schemas for all regulatory filings. Compliance officers should anticipate significant operational adjustments to internal reporting systems to meet these uniform technical specifications, which aim to eliminate data silos and enhance automated oversight. The standards apply to a broad range of sectors, including investment advisers, broker-dealers, and banking organizations, increasing the precision of cross-agency risk monitoring and enforcement targeting.
Market participants should monitor forthcoming agency-specific rulemakings that will detail the precise implementation timelines and technical taxonomies for individual reporting forms over the next two years.
House Judiciary Committee Ranking Member Jerrold Nadler and nine Democratic lawmakers have formally requested that the Department of Justice Office of the Inspector General launch an independent investigation into alleged political interference within the DOJ Antitrust Division during the Trump administration. The request focuses on claims that antitrust enforcement actions, specifically regarding the cannabis industry and California’s vehicle emissions standards, were initiated for partisan reasons rather than legal merit.
For legal departments and compliance officers, this development signals a potential shift in how past enforcement decisions are scrutinized, particularly those involving sensitive environmental or emerging market sectors. Organizations that were subjects of Antitrust Division investigations between 2017 and 2021 should prepare for renewed discovery or oversight if the Inspector General uncovers evidence of procedural irregularities. This scrutiny may also influence current DOJ leadership to implement more rigorous internal safeguards against political influence in merger reviews and civil investigative demands.
Watch for a formal response from Inspector General Michael Horowitz regarding the opening of a preliminary inquiry into the Antitrust Division’s past conduct.
The Regulatory Brief delivers compliance and regulatory intelligence to your inbox every weekday morning.
Upgrade and download The Federal Enforcement Priority Report — our 16-page registration bonus.
The Regulatory Brief is published Monday–Friday. For group subscription enquiries and institutional pricing, visit theregulatorybrief.com. Published by Tetmo Publishing.