Corporate & Securities Blog

On February 27, 2025, the Financial Crimes Enforcement Network (“FinCEN”) announced that it will not issue any fines or penalties or initiate any other enforcement action against companies that do not file or update beneficial ownership information (“BOI”) reports under the Corporate Transparency Act (“CTA”) by the newly-instated March 21, 2025 deadline.

On February 17, a federal judge in Texas lifted a preliminary injunction issued in Smith v. United States Department of the Treasury, removing the last legal hurdle to the enforcement of the Corporate Transparency Act (“CTA”). As a result, the CTA’s reporting obligations are back in effect—at least temporarily.

Last Friday, the United States Supreme Court lifted a nationwide injunction originally issued by the U.S. District Court for the Eastern District of Texas (and later upheld by the Fifth Circuit Court of Appeals) in Texas Top Cop Shop, Inc. v. McHenry. The Top Cop injunction had blocked enforcement of the Corporate Transparency Act (the “CTA”).

As we embark on the new year, it is time to consider what is next for the SEC—specifically, EDGAR Next. In September 2024, the Securities and Exchange Commission adopted amendments to Regulation S-T aimed at modernizing the agency’s Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system. The new system—aptly named EDGAR Next—will feature improved access procedures and enhanced security measures, including two-factor authentication.

On December 11, 2024, the U.S. Court of Appeals for the Fifth Circuit struck down Nasdaq’s board diversity rules, which were designed to increase representation of women and minorities on corporate boards. Since 2023, the rules have required Nasdaq-listed companies to have at least one woman, minority, or LGBTQ+ member on their boards and to report director diversity information each year.

On October 22, 2024, the Securities and Exchange Commission charged four companies with making materially misleading disclosures about their cybersecurity risks. Each of the companies—Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd., and Mimecast Limited—agreed to pay hefty monetary penalties to settle the SEC’s charges.

The fines follow a lengthy investigation by the SEC into public companies affected by the 2020 SolarWinds breach, one of the most widespread cyberattacks to date. The attack, largely believed to have been carried out by ...