That question lies at the center of some of the most important contemporary debates in corporate law, investment management, and financial regulation. Fiduciaries operate in a legal environment where ESG may be viewed, depending on the jurisdiction, as prudent risk management, as a permissible but optional consideration, or as an impermissible departure from the duty to prioritize financial returns. The legal treatment of ESG therefore turns not on any universal principle, but on the underlying conception of fiduciary purpose embedded in a legal system.

In a new article, I examine how three major jurisdictions, the U.S., EU, and UK, have approached this issue. Although all three have embraced ESG in some form, they have done so through very different legal frameworks, reflecting distinct understandings of corporate purpose, fiduciary obligation, and the role of capital in society.

Three themes emerge. First, the EU has developed the most ambitious and legally integrated ESG framework, increasingly embedding sustainability into fiduciary obligations themselves. Second, the UK has adopted a more cautious middle path, promoting ESG through disclosure and stewardship while retaining a shareholder-centric fiduciary core. Third, the U.S. has become deeply fragmented, with ESG now functioning as both a governance norm and a political fault line. In some states, fiduciaries may be criticized for failing to consider ESG risks. In others, they may face liability for considering them at all.

The Fiduciary Question at the Core of ESG

At its essence, ESG presents a classic fiduciary-law problem. Fiduciary duties require the exercise of discretionary power on behalf of others. But discretion must be exercised in accordance with a legally defined purpose. The central inquiry, therefore, is simple to state but difficult to answer: Whose interests must fiduciaries serve, and what factors may they properly consider in doing so?

Traditional fiduciary law is built around the duties of loyalty, care, and good faith. These duties are highly flexible, but not infinitely so. They are interpreted against the backdrop of the legal system’s conception of the corporation and its purpose. Whether ESG is mandatory, permissible, or prohibited depends on that foundational understanding.

Where the corporation is viewed primarily as an instrument for maximizing shareholder wealth, ESG is generally acceptable only to the extent that it is financially material. It must be linked to risk-adjusted returns, enterprise value, or long-term shareholder welfare. By contrast, where the corporation is viewed as a social institution with responsibilities to a broader range of stakeholders, ESG may be regarded not merely as permissible, but as an integral aspect of fiduciary stewardship (Milton Friedman, 1970; Lynn Stout, The Shareholder Value Myth; Colin Mayer, Prosperity).

This normative divide explains much of the transatlantic variation. The legal status of ESG is, ultimately, a function of competing theories of the firm.

The U.S.: ESG and the Fragmentation of Fiduciary Law

No jurisdiction better illustrates the politicization of ESG than the U.S. The federal framework remains unsettled. While the Securities and Exchange Commission has sought to expand climate and sustainability disclosures, regulatory initiatives have faced legal, political, and administrative resistance. The result is a patchwork of evolving federal guidance rather than a coherent national ESG regime.

The more consequential developments have occurred at the state level.

A number of Democrat-led states, including California, Colorado, Illinois, Maryland, and New Hampshire, have encouraged the integration of ESG considerations into public investment decision-making (see discussion of pro-ESG state initiatives relying on disclosure and transparency mechanisms). Illinois’ Sustainable Investing Act, for example, expressly recognizes that sustainability factors may be financially material and therefore relevant to prudent investment analysis. Maryland has similarly required climate-related risk assessments in the management of public pension assets. These initiatives do not impose a universal duty to prioritize ESG, but they affirm that ESG considerations can fall squarely within the fiduciary mandate when they bear on long-term financial performance (Illinois Sustainable Investing Act, 30 ILCS 238; Maryland Code, State Personnel and Pensions).

By contrast, many Republican-led states have moved in the opposite direction. Florida, Texas, Arkansas, Kentucky, Kansas, Montana, and others (see, e.g., reports of over 165 anti-ESG bills introduced across 37 states in 2023) have enacted legislation or administrative rules restricting the use of ESG criteria in public-fund management. These measures typically require investment decisions to be based solely on pecuniary factors and prohibit the use of non-pecuniary considerations. Some statutes go further, authorizing investigations, blacklists, or contractual exclusions for financial institutions perceived as advancing ESG agendas (Florida HB 3 (2023); Texas SB 13 (2021); Arkansas Act 411 (2023)).

This has fundamentally altered the fiduciary landscape. In certain jurisdictions, failure to consider climate risk may be criticized as imprudent. In others, the consideration of climate risk may itself be characterized as a breach of fiduciary duty if framed as subordinating financial returns to social objectives.

The irony is striking. Efforts to resist perceived politicization in investment decision-making have themselves politicized fiduciary law. Asset managers now confront not a single American approach to ESG, but multiple competing regimes, each grounded in a different theory of fiduciary obligation.

Litigation has not resolved these tensions. In Thole v. U.S. Bank N.A., the United States Supreme Court held that plaintiffs must demonstrate a concrete and particularized injury to establish standing, thereby limiting fiduciary litigation in the ESG context. Similarly, in Wayne Wong et al. v. New York City Employees’ Retirement System et al., claims challenging ESG-driven divestment strategies were dismissed for lack of standing under New York Civil Practice Law and Rules.

Recent climate litigation signals evolving judicial engagement. In Held v. Montana, a state court recognized constitutional environmental rights in the context of fossil fuel policy, holding that statutory limitations violated the right to a clean and healthful. Although such decisions do not directly reshape fiduciary duties, they reflect a broader shift in legal attitudes toward sustainability.

In practical terms, the United States offers no uniform answer. Fiduciaries in anti-ESG states face real liability risks for promoting ESG, while those in pro-ESG jurisdictions operate within permissive frameworks shaped by disclosure norms and judicial deference. This fragmentation reflects both political controversy and the enduring dominance of shareholder primacy.

The EU: ESG as Regulatory Architecture

If the U.S. treats ESG as contested ideology, the EU treats it as a core component of financial regulation.

The EU has built the most sophisticated and comprehensive sustainable-finance framework in the world. This framework includes the Sustainable Finance Disclosure Regulation (SFDR), the Taxonomy Regulation, the Corporate Sustainability Reporting Directive (CSRD), the Corporate Sustainability Due Diligence Directive (CSDDD), and related delegated acts. Together, these measures do more than improve transparency. They seek to reshape the conduct of firms, financial institutions, and fiduciaries (Regulation (EU) 2019/2088; Regulation (EU) 2020/852; Directive (EU) 2022/2464).

Under SFDR, financial market participants must disclose how sustainability risks are integrated into investment decisions and advisory processes. The Taxonomy Regulation establishes a detailed classification system for environmentally sustainable economic activities. CSRD significantly expands the scope and rigor of corporate sustainability reporting, including through mandatory assurance and standardized reporting requirements. The CSDDD extends these obligations further by imposing due-diligence duties with respect to human rights and environmental impacts across value chains.

The cumulative effect is transformative. ESG is no longer merely a matter of voluntary stewardship or reputational strategy. It has become part of the legal infrastructure governing capital allocation.

Importantly, the EU’s approach reflects a broader stakeholder-oriented conception of the corporation. Corporate governance is understood not solely as a mechanism for shareholder wealth maximization, but as a framework for balancing the interests of shareholders, employees, creditors, consumers, communities, and the environment. Sustainability is therefore treated as integral to long-term value creation rather than external to it.

Judicial developments reinforce this trajectory. Cases such as Urgenda Foundation v State of the Netherlands and Milieudefensie v Royal Dutch Shell demonstrate a willingness to translate climate-related norms into enforceable legal obligations. Although these decisions arise outside traditional fiduciary doctrine, they reshape the legal environment in which fiduciaries operate. They increase the likelihood that climate and sustainability risks will be viewed as matters requiring active governance rather than discretionary attention (Urgenda [2019]; Milieudefensie v Shell (District Court of The Hague, 2021)).

In Deutsche Umwelthilfe v. TotalEnergies Wärme & Kraftstoff Deutschland GmbH, the Düsseldorf Regional Court held that TotalEnergies’ claim that its Thermoplus heating oil was “climate neutral,” by reason of carbon offsetting, was misleading, and enjoined its marketing as “CO₂ compensated.” The German Regional Court may well have drawn inspiration from the earlier Dutch decisions, thereby situating its reasoning within an emerging European judicial willingness to integrate ESG, sustainability, and anti-greenwashing norms into diverse legal fields, including environmental law, consumer protection law, and unfair competition law, among others. Taken together, these decisions reflect the progressive integration of sustainability considerations into the broader fabric of European private and public law.

In other words, these decisions indicate a willingness to interpret legal duties in light of broader ESG considerations. Fiduciaries may therefore face liability not only for misrepresenting ESG commitments but also for failing to implement them meaningfully. Although derivative litigation remains less common due to structural constraints, the broader regulatory and judicial environment supports ESG enforcement.

In the EU, therefore, the more significant fiduciary risk increasingly lies not in considering ESG, but in failing to do so adequately.

The UK: Between Shareholder Primacy and Stakeholder Governance

The UK occupies a more complex position. It has embraced many elements of the ESG agenda, particularly through disclosure, stewardship, and anti-greenwashing regulation. Yet its underlying fiduciary framework remains firmly anchored in shareholder primacy.

Section 172 of the Companies Act 2006 requires directors to promote the success of the company for the benefit of its members while paying attention to a range of stakeholders, including employees, suppliers, customers, communities, and the environment. This formulation, commonly described as “enlightened shareholder value,” was intended to broaden the perspective of directors without abandoning shareholder primacy (Companies Act 2006, s 172; Company Law Review Steering Group, Modern Company Law for a Competitive Economy).

In practice, however, section 172 has not fundamentally altered the hierarchy of corporate interests. Shareholders remain the ultimate beneficiaries of directors’ duties. Stakeholder interests may be considered, but only insofar as doing so promotes the long-term success of the company.

The Supreme Court’s decision in BTI 2014 LLC v Sequana SA confirms this structure. The Court reaffirmed that, in a solvent company, directors’ duties are owed to the company as a whole, which ordinarily means the shareholders collectively. Only when insolvency is probable do creditor interests acquire primacy ([2022] UKSC 25).

The recent ClientEarth v Shell litigation further illustrates the limits of judicial intervention in ESG governance. Although the claimant sought to hold Shell’s directors accountable for alleged failures in climate strategy, the High Court refused permission to continue the derivative claim, holding that the claimant had failed to establish a prima facie case ([2023] EWHC 1137 (Ch)). The court emphasized that directors enjoy broad discretion in balancing competing commercial considerations and that courts are ill-suited to second-guess boardroom judgments absent bad faith, improper purpose, or irrationality.

The UK framework supports ESG engagement. It has implemented mandatory climate-related financial disclosures, developed Sustainability Disclosure Requirements, and introduced a robust anti-greenwashing rule through the Financial Conduct Authority. Yet these initiatives operate largely through disclosure and market discipline rather than through a redefinition of fiduciary purpose.

As a result, fiduciaries in the UK face limited liability risk for both promoting and failing to promote ESG, provided they act in good faith. ESG is encouraged through disclosure and market mechanisms rather than enforced through strict legal obligations.

Liability and the Emerging Asymmetry

The most important practical implication of these divergent approaches concerns fiduciary liability.

In anti-ESG American states, fiduciaries may face legal or regulatory exposure for considering ESG factors deemed non-pecuniary. The legal concern is that fiduciaries have subordinated financial returns to political, social, or ideological objectives.

In the UK, ESG integration is generally permissible where directors or trustees reasonably conclude that such considerations are relevant to long-term value or risk management. The same is broadly true in pro-ESG American jurisdictions. Courts remain reluctant to impose liability for either integrating or declining to integrate ESG absent clear evidence of bad faith, procedural failure, or conflict of interest.

The EU, however, is moving toward a different equilibrium. As sustainability obligations become more deeply embedded in positive law, failure to account for material ESG risks may itself constitute a breach of legal duty. This is particularly true in the context of disclosure obligations, due diligence requirements, and anti-greenwashing enforcement.

The result is an emerging asymmetry. In some jurisdictions, ESG creates legal risk when adopted. In others, it creates legal risk when ignored.

What This Means for Fiduciaries

For directors, trustees, and investment managers, ESG cannot be approached as a one-size-fits-all governance framework. It is, instead, a jurisdiction-specific fiduciary issue.

First, fiduciaries must distinguish between mandatory and permissive ESG regimes. In the EU, many sustainability obligations are now mandatory. In the UK, ESG is strongly encouraged but often remains discretionary. In parts of the United States, ESG may be restricted or even prohibited in specific contexts.

Second, fiduciaries must ensure that ESG integration is tied to the legal purpose of the entity and the interests of the relevant beneficiaries. In shareholder-centric systems, this generally requires a demonstrable connection between ESG considerations and long-term financial value.

Third, process remains paramount. Courts are often more concerned with how decisions are made than with the substantive wisdom of the decisions. A well-documented process that identifies material risks, considers relevant information, and articulates a rational basis for action will typically receive substantial judicial deference (see, e.g., Aronson v Lewis, 473 A.2d 805 (Del. 1984); Howard Smith Ltd v Ampol Petroleum Ltd [1974] AC 821).

Finally, greenwashing risk has become a fiduciary issue in its own right. Once firms make sustainability-related claims, those claims can generate legal obligations under securities law, consumer protection law, and general principles of corporate governance.

Final Reflections

The legal future of ESG will be shaped less by slogans than by fiduciary doctrine. The critical issue is not whether ESG is inherently compatible or incompatible with fiduciary duty. Rather, the answer depends on how each legal system defines the purpose of fiduciary power. The question of whether fiduciaries can incur liability for promoting ESG does not admit a single answer. It depends on the legal and institutional context within which fiduciary duties operate.

In the United States, fiduciaries in anti-ESG states may face liability for promoting ESG, while those in pro-ESG jurisdictions operate within permissive frameworks shaped by the business judgment rule (Thole v. U.S. Bank N.A., 140 S. Ct. 1615 (2020)). In the European Union, ESG is embedded within corporate governance, and liability is more likely to arise from failing to integrate sustainability considerations, or for greenwashing (Milieudefensie v. Royal Dutch Shell(2021); Urgenda Foundation v. State of the Netherlands (2019); Deutsche Umwelthilfe v. TotalEnergies Wärme & Kraftstoff Deutschland GmbH). In the United Kingdom, fiduciary liability remains limited, reflecting judicial deference and the persistence of shareholder primacy (ClientEarth v. Shell Plc [2023] EWHC 1137 (Ch); BTI 2014 LLC v. Sequana SA [2022] UKSC 25).

These differences reveal that ESG is not merely a technical issue of corporate governance. It reflects deeper disagreements about the purpose of the corporation and the role of law in shaping economic behaviour. The result is a fragmented transatlantic landscape in which the legal consequences of ESG integration vary significantly.

The differences, however, have profound consequences. They mean that the legality of ESG is contingent not simply on financial materiality, but on the underlying theory of the corporation that a legal system chooses to endorse.

For directors and fiduciaries, ESG has become a matter of legal strategy as much as corporate policy. Navigating this terrain requires careful attention to jurisdictional differences and an understanding of how evolving legal frameworks define the boundaries of fiduciary duty.

That is the true legal limit of ESG. The boundaries of ESG are, in the end, the boundaries of fiduciary purpose itself.

Asif Salahuddin is a postdoctoral fellow at EW Barker Centre for Law & Business, Faculty of Law, National University of Singapore (NUS). This post is based on his article, “The Legal Limits of ESG in Fiduciary Decision-Making: Transatlantic Perspectives from the US, EU and UK,” forthcoming in the European Business Law Review.

Regulatory termination fees (“RTFs”), i.e., the obligation of one party – almost always the buyer – to pay the other party a fee if certain specified regulatory approvals are not obtained, have long been a common feature of many M&A transactions subject to regulatory review. An RTF can serve multiple purposes. First, it can operate to incentivize a buyer to accept a required regulatory remedy or other action beyond what it is contractually obligated to accept. Second, an RTF may operate to deter the buyer from failing to satisfy its contractual obligations to obtain required regulatory approvals. Regulatory efforts covenants often employ inherently ambiguous legal concepts, such as reasonable best efforts, commercially reasonable efforts, material adverse effect, and burdensome condition (among other materiality qualifiers), that are open to varying interpretation. As discussed in greater detail below, an RTF can provide a meaningful financial deterrent for non-compliance beyond the threat of breach of contract damages and specific performance. Third, an RTF can play a role in allocating regulatory risk by compensating the seller or target for the time and resources it committed to a transaction that ultimately does not proceed, as well as for lost opportunity costs it may incur as a consequence of foregoing other transactions. RTFs should be sized with these multiple purposes in mind. While the amount of RTFs varies widely, they are usually between 2% and 10% of the equity value of the transaction.[1]

In the last few years, a new insurance product, which we refer to as “RTF insurance,” has emerged to address the possibility that a buyer may be obligated to pay the seller or target an RTF. RTF insurance allows a buyer to shift all or a portion of its RTF exposure to an insurance carrier and can also provide the seller or target with greater certainty that the RTF will be paid.

However, RTF insurance may do more than just reallocate regulatory risk. It can potentially alter the parties’ relative negotiating leverage as well as their incentives to take actions required to obtain required regulatory approvals. Specifically, if a buyer has shifted to an insurance carrier all or a material portion of its obligation to pay an RTF, this may change the contractual risk it is willing to assume to obtain required regulatory approvals as well as its incentive to obtain those approvals, particularly where the obligations of the buyer in this regard are open to interpretation.

The Mechanics of RTF Insurance

RTF insurance operates within the broader framework of transactional insurance products. At its core, the product allows a buyer to transfer to an insurance carrier all or a portion of its obligation to pay an RTF to a seller or a target. The insurer, in exchange for a premium paid at signing or shortly thereafter, agrees to pay the RTF to the seller or target if the transaction is terminated due to the failure to obtain one or more specified regulatory approvals, such as a material antitrust approval, a national security (e.g., CFIUS) clearance, or other governmental consents.

Premium costs for RTF insurance vary considerably depending on the nature and complexity of the regulatory exposure, but are typically calculated as a percentage of the negotiated RTF. For transactions with RTFs in the range of approximately 3–8% of the target’s enterprise value, this pricing structure generally translates into a one-time premium equal to approximately 0.15% to 1.6% of the enterprise value of the target company. The triggering events for payment under the policy closely track the circumstances under which the transaction can be terminated for regulatory reasons.

Insurers usually play an active role in the negotiation of the regulatory provisions of the transaction document and may review and comment on those provisions. In addition, they may indicate to the buyer that they intend to impose specific requirements, exclusions, or cooperation obligations on the buyer in the insurance policy itself, which will likely lead the buyer to address those terms in the transaction document. These conditions can influence the negotiation of efforts covenants and the scope of covered regulatory risks and may also affect the parties’ behavior during the regulatory review period. Furthermore, insurers will typically not underwrite the full amount of the RTF, but will instead require the buyer to retain a portion of the RTF exposure through a retention or deductible so it retains at least some financial incentive to obtain the required regulatory approvals.

It is worth noting that, unlike representation and warranty insurance, which is largely limited to private transactions as it operates as a substitute for post-closing indemnification by the seller, RTF insurance is equally functional in public M&A deals as it is in private transactions.

Principal Benefits of RTF Insurance to Buyers and Sellers or Targets

RTF insurance can provide benefits to buyers and sellers or targets in M&A transactions.

From a buyer’s perspective, the obvious and most important benefit of RTF insurance is the ability to shift the obligation to pay the RTF to an insurer, thus relieving itself of this contractual obligation and balance sheet liability. RTF insurance can also provide buyers with a competitive advantage in competitive bidding situations. Specifically, RTF insurance may allow buyers that present greater regulatory risk than other bidders to enhance their competitive position by accepting a greater portion of that risk and/or committing to a greater RTF than they would have otherwise been able or willing to do without the insurance. For this reason, strategic buyers that present meaningful antitrust or national security/CFIUS risk may find RTF insurance to be particularly helpful in competitive bidding situations. Financial buyers, including private equity firms, may also find RTF insurance particularly attractive as a means to minimize their direct and indirect financial transaction commitments, as well as their need to call capital from their investors for a failed transaction. In addition, RTF insurance may allow cash-strapped buyers with leveraged balance sheets to eliminate their weak credit profile as a consideration on the part of the seller or target as to whether it will actually collect the RTF if and when it becomes payable.

From a seller’s or target’s perspective, RTF insurance may enhance a competitive sale process by (as suggested above) allowing some bidders to accept more regulatory risk and/or agree to greater RTFs than they otherwise would. In addition, as suggested above, RTF insurance can also reduce the seller’s or target’s counterparty credit risk by substituting a financially strong, highly rated insurer in the place of a buyer with a poor or uncertain credit profile as the obligor on the RTF. While a cash-strapped acquiror or a special purpose vehicle with limited assets may offer an equity commitment letter or limited guarantee to support its reverse termination fee obligations, these instruments still rely on the financial strength and willingness of the sponsor or guarantor to perform.

Customary Role of RTFs in M&A Transactions

To understand how RTF insurance might impact deal dynamics, it is useful to first examine where regulatory risk customarily resides in M&A transactions.

While the allocation of regulatory risk in an M&A transaction can take a multitude of forms, the risk is generally either:

• imposed entirely on the buyer pursuant to a “hell or high water” regulatory efforts covenant that requires the buyer to take any action, and accept any remedy imposed by any regulator, necessary to obtain regulatory approval of the transaction; or
• shared by the buyer and the seller or target pursuant to a regulatory efforts covenant that requires the buyer to accept any regulatory remedy unless it would (a) impose on the buyer a burden that exceeds a specified threshold (often phrased in terms of a remedy that would have a material adverse effect or impose a burdensome condition on the buyer and/or the target on a combined basis), or (b) require the buyer to take certain actions or agree to certain remedies that it is unwilling to accept.

When regulatory risk is imposed entirely on a buyer pursuant to a “hell or high water” provision, an RTF will be triggered only if a regulator refuses to approve the transaction regardless of what remedy or other action the buyer is contractually obligated to accept. For this reason, an RTF is often not provided for where the buyer agrees to a “hell or high water” provision. An RTF is much more common when the buyer and the seller or target agree to share the regulatory risk and there are circumstances in which the buyer is contractually relieved of its obligation to take actions or accept remedies to obtain required regulatory approvals. As discussed above, in those instances an RTF may serve the multiple purposes of (a) incentivizing the buyer to accept regulatory remedies beyond those it is contractually obligated to accept, (b) deterring the buyer from failing to satisfy its contractual obligations to obtain required regulatory approvals (beyond the threat of breach of contract damages and specific performance), and (c) compensating the seller or target for its commitment of time and other resources to the failed transaction as well as lost opportunity costs. These multiple purposes may be particularly important for a public company target for which a failed transaction can give rise to an impression that the company is “damaged goods” and can present retention issues and customer uncertainty.

A buyer’s motivation to satisfy its regulatory efforts covenants and obtain required regulatory approvals is driven by three factors: (i) its desire to consummate the transaction for commercial and other reasons; (ii) the threat of breach of contract damages or specific performance; and (iii) its obligation to pay an RTF if the transaction is terminated for failure of specified regulatory consents to be obtained. If the combination of these three factors exceeds the commercial and other costs of any remedy or other action the buyer may be required to agree to or take to obtain required regulatory approvals, then the buyer should be sufficiently incentivized to satisfy its contractual obligations.

Put formulaically, a buyer should theoretically satisfy its contractual regulatory obligations if:

A + B + C > D

Where:

• A = The transaction’s economic, strategic and other benefits to the buyer
• B = The threat of breach of contract damages or specific performance
• C = Buyer’s obligation to pay an RTF if the transaction is terminated for regulatory reasons
• D = The economic and other costs to the buyer of any required regulatory remedy or other action

Impact of RTF Insurance on Deal Dynamics

If a buyer’s obligation to pay an RTF is eliminated from the equation or substantially reduced because the obligation is shifted to an insurer, the buyer’s incentive to obtain required regulatory approvals may be meaningfully reduced. This is particularly true because in most transactions (particularly those in which the buyer is a private equity firm or other financial buyer), in circumstances where the buyer is obligated to pay the seller or the target an RTF, the recovery of that RTF by the seller or target is usually the sole and exclusive remedy for the buyer’s breach of the transaction agreement.[2] Accordingly, if a buyer can obtain RTF insurance for the cost of the premium, and its only exposure in the event all required regulatory approvals cannot be obtained is the amount of the retention or deductible under the insurance policy, the buyer may be more likely to conclude that the economic and other costs of any required regulatory remedy or other action exceed the transaction’s economic and other benefits to the buyer. While a retention or deductible under an RTF insurance policy will leave a portion of the RTF exposure with the buyer, this portion will usually be relatively small as a percentage of the amount of the RTF, and a competitive RTF insurance market will likely work in favor of buyers in this regard.

This analysis, however, is subject to a significant caveat in most transactions: the right of the seller or target to specifically enforce the buyer’s obligations under the regulatory efforts covenant and, more generally, to close the transaction if all closing conditions are satisfied (subject, in the case of most transactions involving a financial buyer, to the availability of any debt financing). However, because regulatory efforts covenants are often open to broad interpretation due to concepts such as reasonable best efforts or commercially reasonable efforts, materiality, material adverse effect and/or burdensome condition, it may be difficult for a court to fashion an order that would be sufficiently precise to allow a seller or target to obtain specific enforcement.

There are other considerations that may incentivize a buyer to obtain the regulatory approval required to close a transaction, such as the fees and expenses it incurs in connection with the transaction, the investment of management time and effort in executing the deal, and reputational harm arising from its failure to successfully close the transaction. But in most deals these will be secondary factors. If the buyer concludes the economic and other costs of a required regulatory remedy or other action are greater than the economic, strategic and other benefits of the transaction, and both the obligation to pay the RTF and any threat of breach of contract damages are largely or entirely eliminated, then the buyer would be economically incentivized to walk away from the transaction and force the seller or target to specifically enforce the buyer’s obligation to obtain the regulatory consents and close the deal.

Practical Implications of the Rise of RTF Insurance

In addition to its impact on deal dynamics as discussed above, the advent of RTF insurance may have a number of practical implications for M&A transactions, including the following:

1. Greater clarity of regulatory efforts covenants: Both RTF insurers and sellers or targets will likely seek to negotiate greater clarity with respect to a buyer’s obligations under regulatory efforts covenants to reduce the ambiguity of these provisions that may give buyers the flexibility to argue that they satisfied their contractual obligations to seek to obtain required regulatory approvals but were nevertheless unable to do so. Specifically, insurers and sellers or targets are likely to seek greater specificity with respect to the remedies and other actions buyers are required to accept or take to obtain required regulatory approvals, including seeking to provide clearer parameters around what assets must be disposed of to satisfy antitrust regulators.
2. Where ambiguity persists, more busted deals: Because buyers that are substantially or entirely relieved of the obligation to pay an RTF may have less incentive to comply with their regulatory efforts covenants, and sellers and targets may find it difficult to specifically enforce a buyer’s obligation to obtain those approvals where ambiguous language remains in the covenants, it is possible that more deals will be terminated due to the failure to obtain required regulatory approvals. Insurers will likely seek to offset an increased risk of busted deals by forcing buyers to retain a portion of the RTF through a retention or deductible, but as noted earlier the buyer’s retained exposure will usually be relatively small, and a competitive RTF insurance market will likely work in favor of buyers in this regard.
3. Willingness of buyers to accept larger RTFs: A natural likely consequence of RTF insurance is the willingness of buyers to accept larger RTFs, even if that means they must pay commensurately higher premiums for the insurance policy.
4. Impact on remedies: The absence of an RTF to serve as a deterrent to a buyer’s breach of its regulatory efforts covenants may lead sellers or targets to more carefully assess the remedies available in the event of such a breach.

Conclusion

RTF insurance is an emerging transactional insurance product that has the potential to alter M&A dealmaking in the future. By allowing a buyer to substantially or entirely relieve itself of the obligation to pay an RTF by shifting that obligation to an insurer, RTF insurance may reduce the incentive of buyers to (a) accept regulatory remedies beyond those they are contractually obligated to, and (b) comply with their regulatory efforts covenants, particularly in circumstances where the wording of those covenants is open to judicial interpretation, as is often the case. From the seller’s or target’s perspective, the problem may be exacerbated where the contractual and other remedies for a breach by the buyer are limited because the RTF is the sole and exclusive remedy for such a breach and/or it may be difficult to specifically enforce the buyer’s regulatory efforts obligations due to ambiguous language in the covenants.

These shifting deal dynamics, and the possible reduction in buyers’ incentive to accept any regulatory remedies unless contractually required to do so, or to comply with their regulatory efforts obligations, may impact transactions in a number of ways, including tighter regulatory efforts covenants, more busted deals, larger RTFs, and a greater focus on remedies for breaches of regulatory covenants.

Lastly, while this article focuses on RTF insurance, it is worth noting that there has been nascent discussion in the transactional insurance market regarding insurance products for other types of reverse termination fees in M&A transactions, but a market for these other products has not yet developed.

ENDNOTES

[1] By way of comparison, RTFs are often substantially greater than the “direct” termination fee a public target is usually required to pay a buyer if it terminates a pending transaction to accept a higher bid.

[2] According to multiple deal studies, including (a) the ABA M&A Market Trends Subcommittee’s Private Target Study (December 2025) and (b) the Thomson Reuters Practical Law Reverse Break-Up Fees and Specific Performance: A Survey of Remedies in Leveraged Public Deals (2018 Edition), in a substantial majority of M&A transactions involving RTFs, the payment of the RTF is seller’s or target’s sole and exclusive remedy in all cases or absent fraud or intentional breach of contract by the buyer.

This post is based on a White & Case LLP memorandum, “Regulatory termination fee insurance: An emerging transactional insurance product that may impact M&A deal dynamics,” dated April 6, 2026, and available here. 

The risks to financial stability arise because stablecoins are in important ways just like other forms of the dollar. Like bank deposits, they are debt claims that can maintain their $1 value only insofar as holders maintain confidence that the issuer can cash tokens out at par. (Tether, the largest stablecoin issuer, does not allow small-holder redemptions, but large holders can provide the same sort of arbitrage function that authorized participants do for exchange traded funds.) This makes stablecoins vulnerable to the same type of panic-driven withdrawals that traditionally plagued banks and that swept through the “shadow banking” system during the great financial crisis of 2007-08. Congress attempted to address this vulnerability in the stablecoin market with the passage of the Guiding and Establishing National Innovation for U.S. Stablecoins (GENIUS) Act in July 2025. The GENIUS Act relies entirely on risk constraints as a panic-prevention tool—above all, by mandating that stablecoins must be backed 1:1 by a very narrow universe of “safe” assets. Risk constraints without a government safety net, however, have a long history of failing to prevent runs and panics. It is foolhardy to rely on them alone for that purpose.

An even bigger issue is that the GENIUS Act does not cover dollar stablecoins that remain entirely offshore, where most such stablecoins currently circulate. An important lesson of the past two decades is that there is no firebreak between global dollar markets and the U.S. financial system. The Fed has extended trillions of dollars of emergency liquidity to help foreign central banks address runs on dollar-denominated deposits in their jurisdictions. This has been necessary to prevent fire sales of dollar-denominated assets that would have sparked contagion in the United States. If stablecoins become the trillion-dollar asset that key U.S. policymakers hope and predict, it will add significant tension to an already stressed system in offshore dollar markets.

In contrast to stability risks, the challenge stablecoins pose to law enforcement and foreign policy arises from a genuinely novel feature: They are bearer tokens in digital form, and once created can circulate among “unhosted,” anonymous wallets. Several factors have allowed the United States to leverage the global payments system over the past two decades to serve its policy goals. First, if a Mexican business (for example) needs to make a payment to an Indian business, it will generally do so in dollars, since converting pesos to dollars and dollars to rupees is far easier than converting pesos directly to rupees. Second, in the traditional banking system, payments are made via a series of bookkeeping entries among banks—but one needs to find a chain of banks that have correspondent relationships with each other in order to settle the transaction. Such chains for cross-border payments overwhelmingly run through a hub-and-spokes system, with a handful of giant “hub” banks all participating in the Clearinghouse Interbank Payment System (CHIPS).

CHIPS participants are subject to U.S. jurisdiction and must comply with extensive customer diligence, recordkeeping, and reporting requirements. These banks risk substantial fines for compliance failures. This has given the United States unprecedented visibility into the flow of dollar payments. The U.S. government has used its authority under various laws authorizing sanctions (above all the International Emergency Economic Powers Act), as well as anti-money laundering (AML) laws, to exclude targets—individuals, entities, or entire countries—from the global dollar system. This can impose significant costs on targets, and over the past two decades has become a foreign-policy tool of first resort for Democratic and Republican administrations alike.

To the degree that stablecoins circulate among unhosted wallets that are not subject to extensive “know your customer” (KYC) diligence by regulated intermediaries, it makes it significantly more difficult for the United States to “weaponize” the financial system against its targets. The GENIUS Act does require U.S. stablecoin issuers to comply with various AML and KYC requirements, but this only applies to their customers. One must be a customer to create or redeem stablecoins, but not to transact in stablecoins once they have been created. The GENIUS Act also requires U.S. stablecoin issuers to retain the ability to “freeze” their tokens anywhere, including in unhosted wallets. But the question is then how regulators will know what wallets to target.

The GENIUS Act basically punts on this question, ordering the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) to try to figure it out. While FinCEN may develop analytic tools to help identify illicit transactions, it stands to reason that, without KYC compliance carried out by regulated, well-resourced, risk-averse banks, the enforcement of AML laws and sanctions will be significantly more difficult and less effective. If this were not the case, it would suggest highly inefficient KYC compliance costs are being imposed on banks right now. Even if FinCEN were to develop ways to reliably identify illicit transactions and freeze stablecoins in unhosted wallets, the GENIUS Act’s reach (again) does not extend to stablecoins that circulate entirely offshore, where much money laundering and most sanctions evasion likely occur. And again, unlike the traditional payment system, where virtually all cross-border dollar payments must touch the U.S. banking system at some point, stablecoins can circulate on blockchains that remain entirely offshore.

The rise of stablecoins may thus result in the entrenchment of the dollar and the “exorbitant privilege” that its hegemonic status confers on the United States, while simultaneously exacerbating strains on the stability of the global financial system and neutering the U.S. government’s ability to weaponize the dollar against criminals and geopolitical adversaries. Fully addressing these problems would be technically feasible—for example, by providing the equivalent of deposit insurance for stablecoins, requiring that stablecoins be programmed so that they can only be held by wallets that have undergone some sort of KYC verification, and applying sanctions to cut off noncompliant stablecoins issuers from the dollar system. There appears, however, to be no political support for such an approach right now. Even if there were, eliminating anonymity and punishing foreign stablecoin issuers could undermine the goal of entrenching dollar dominance. It may no longer be possible for the United States to have its cake and eat it, too, when it comes to the dollar’s international role.

John Crawford is professor of law at UC Law San Francisco (formerly UC Hastings College of the Law). This post is based on his essay, “Stablecoins and the Global Dollar System,” forthcoming in UCLA Law Review Discourse and available here.

For decades, corporate fiduciary law has assumed that directors have limited information. Courts do not expect directors to foresee every risk or prevent every corporate failure. The business judgment rule protects most informed, good-faith decisions from judicial second-guessing and Caremark oversight liability remains difficult to establish.[1] That structure made sense in a world where directors often had no practical way to see deeply into a complex corporation’s operations.

That world is changing. Large companies now generate immense streams of operational, financial, compliance, consumer, workforce, and supply-chain data. At the same time, artificial intelligence and emerging quantum-computing tools are making it possible to analyze that information with increasing speed and sophistication. These technologies can reveal patterns that would otherwise remain invisible. They can show when management’s assumptions are fragile. They can also identify risks before those risks become public scandals or catastrophic losses.

This technological shift should matter for fiduciary law. If directors have access to tools that can help them understand the corporation more accurately, the law should recognize that those tools exist.  My article therefore proposes a shift from fiduciary standards centered on “gross negligence” and “utter failure” toward a framework of reasonable tech-enabled diligence and proactive oversight. When advanced tools are reasonably available, directors should sometimes have to show that they used them, considered them, or had a sound reason for declining to do so.

Behavioral economics strengthens the case for this shift. Corporate law often imagines directors as rational monitors who will notice when something is wrong. In reality, directors, like all humans, may become overconfident, defer too readily to management, and discount information that conflicts with the preferred narrative in the boardroom. Group dynamics can make those tendencies worse, especially in high-status environments where dissent feels costly.[2]

Technology cannot eliminate those human limitations. But it can make them harder to ignore. An AI-enabled compliance system might flag weaknesses that management has downplayed. A predictive model might show that a strategic plan depends on unrealistic assumptions. Quantum-enhanced simulations might reveal that a proposed transaction carries risks that conventional modeling failed to capture. In each case, technology would not replace board judgment. It would discipline it.

This matters especially because modern corporate risk rarely fits neatly within old doctrinal categories. A privacy failure can become a consumer-protection problem, a securities problem, and a reputational crisis at the same time. Workplace misconduct can affect employee retention, brand value, and long-term performance. Climate risk can alter supply chains, insurance costs, financing, and market demand. A board that treats these issues as unconnected to corporate value may misunderstand the corporation itself.

That point also reframes the relationship between shareholder and stakeholder governance. Directors need not choose between long-term firm value and careful attention to workers, consumers, communities, or the environment. In many contexts, stakeholder harms are early warnings of enterprise risk. Advanced analytics can help boards see those connections more clearly. Ignoring stakeholder data may therefore be both normatively troubling and economically shortsighted.

A workable legal standard would need limits. Courts should not require every company to adopt the most advanced technology available. A small private firm and a multinational public company do not face the same obligations. Nor should directors be punished simply because an AI system failed to predict a harm. Fiduciary law should still depend on context, and it should continue to protect good-faith business judgment.

For that reason, my article argues for safe harbors. Directors who make good-faith efforts to understand relevant technologies, seek appropriate expertise, adopt reasonable monitoring systems, and document their deliberations should receive substantial protection from liability. The law should encourage serious engagement with technology rather than after-the-fact blame.

But the converse should also be true. A board of a large, complex company should not be able to ignore standard analytic tools and then claim ignorance when foreseeable risks materialize. A board should not be able to dismiss data anomalies without inquiry. Nor should it be able to rely on outdated reporting systems when more effective monitoring tools are reasonably within reach. At some point, technological indifference becomes a governance failure.

Corporate law has adapted to new governance realities before. Smith v. Van Gorkom made process matter in major transactions.[3] Caremark recognized that directors have a duty to attend to corporate oversight, even if liability remains rare.[4] Marchand v. Barnhill confirmed that boards must take critical risks seriously.[5] The next step is to recognize that oversight where data are plentiful requires more than passive receipt of management reports.

Quantum AI will bring risks of its own. Algorithmic systems may be opaque. They may reproduce bias. They may create privacy and cybersecurity vulnerabilities. They may also tempt directors to defer  to those systems without fully understand them. These concerns are serious. But rather than reasons to avoid advanced technology completely, they are admonitions  for boards to oversee it carefully.

The deeper point is that fiduciary law should remain tied to the actual conditions of corporate decision-making. As corporations become more complex, directors need better tools to understand them. As data become more central to governance, ignoring data becomes harder to justify. And as AI and quantum computing develop, corporate law must decide whether fiduciary duty still means conscientious stewardship in practice.

ENDNOTES

[1] See In re Caremark Int’l Inc. Derivative Litig., 698 A.2d 959 (Del. Ch. 1996); Stone v. Ritter, 911 A.2d 362 (Del. 2006).

[2] See Christine Jolls, Cass R. Sunstein & Richard Thaler, A Behavioral Approach to Law and Economics, 50 Stan. L. Rev. 1471 (1998).

[3] Smith v. Van Gorkom, 488 A.2d 858 (Del. 1985).

[4] Caremark, 698 A.2d 959; Stone, 911 A.2d 362.

[5] Marchand v. Barnhill, 212 A.3d 805 (Del. 2019).

Michael R. Siebecker is the Maxine Kurtz Faculty Research Scholar and a professor of law at the University of Denver’s Sturm College of Law. This post is based on his article, “Quantum AI and the Future of Corporate Law,” published in the Cardozo Law Review and available here.

What Prompted the DOL to Issue the Proposed Rule?

On August 7, 2025, the Trump Administration released an Executive Order, “Democratizing Access to Alternative Assets for 401(k) Investors” (the Executive Order), which directed the DOL to reexamine its past guidance regarding the investment of 401(k) plans in alternative assets and to issue clarifying guidance as appropriate. The Proposed Rule is a direct response to the Executive Order, which articulated the position that without access to investments in alternative asset classes, the more than 90 million 401(k) plan participants are missing out on the “potential growth and diversification opportunities associated with alternative asset investments” currently afforded to institutional investors, high-net-worth individuals, and retirement plans for government workers.^[2]

What Is the Scope of the Proposed Rule?

While the Executive Order directed the DOL to revisit its past guidance relating to alternative assets in 401(k) plans, the Proposed Rule provides guidance with respect to the selection of all investment options; it does not separately define “alternative assets” or provide special rules relating thereto. In support of the broad applicability of the Proposed Rule, the DOL cited the “asset neutral” approach under the Employee Retirement Income Security Act of 1974, as amended (ERISA), which does not favor (or prohibit) any particular asset class or investment strategy (except in the case of illegal investments, which are clearly prohibited). As part of this discussion, the DOL stated that “there is no per se rule respecting investment in alternative assets generally or the inclusion of private market investments,” referencing direct or indirect interests in equity, debt, real estate (including real estate related debt), commodities, project financing infrastructure development, and actively managed vehicles investing in digital assets. However, the DOL did not provide guidance regarding whether any of the foregoing investments should be included as part of a 401(k) plan investment line-up.

What Falls Outside the Scope of the Proposed Rule?

Notwithstanding its broad applicability to all investment options, the Proposed Rule is narrowly drafted and only addresses the duty of prudence as it applies to plan fiduciaries selecting investment options. The Proposed Rule does not address the roles and responsibilities of other relevant parties, including managers of investment options regarding how they may navigate the complexities of including alternative assets (e.g., with respect to liquidity and valuation). Further, the Proposed Rule does not address considerations relating to ERISA’s reporting requirements, conflict of interest and prohibited transaction rules, or the “plan asset” regulations, each of which may be relevant with respect to the offering and structuring of investment options with alternative assets.

While somewhat obvious, it is worth noting that the Proposed Rule only applies to the prudent process under ERISA applicable to plan fiduciaries. It does not address securities laws and other considerations applicable to structuring and offering or investment options, and these must be separately considered.

The Proposed Rule expressly does not apply to self-directed brokerage windows “or similar plan arrangements that enable participants and beneficiaries to select investments beyond those designated by the plan and shall not include investments acquired or available through any such arrangements.”[3] Accordingly, investments made through self-directed brokerage windows should not be impacted by the Proposed Rule.

How Does the Proposed Rule Fit Within ERISA’s Existing Framework?

To properly contextualize the Proposed Rule, it is useful to revisit a fiduciary’s duties under ERISA’s duty of prudence relating to the selection of 401(k) investment options. ERISA obligates plan fiduciaries to prudently[4] select and monitor^[5] investment options for 401(k) plans, and fiduciaries can be held liable for losses resulting from their failure to do so. Under the DOL’s current guidance, when selecting an investment option, plan fiduciaries are obligated to (i) “give appropriate consideration to those facts and circumstances that, given the scope of such fiduciary’s investment duties, the fiduciary knows or should know are relevant to the particular investment . . . including the role the investment or investment course of action plays in that portion of the plan’s investment portfolio or menu with respect to which the fiduciary has investment duties” and (ii) “act accordingly” (which is not defined).^[6] The Proposed Rule is intended to supplement and expand this existing guidance.

What Does the Proposed Rule Do?

The Proposed Rule seeks to (i) establish a “safe harbor” process that, if followed by a fiduciary in connection with the selection of an investment option, is intended to create a rebuttable presumption of prudence, and (ii) provide a clearer regulatory framework for 401(k) plan fiduciaries to prudently select investment options. The Proposed Rule is a mix of regulatory principles and examples designed to illustrate the applicability of these principles to various situations.

What Is the “Safe Harbor” and Presumption of Prudence?

Echoing concerns set forth in the Executive Order, the DOL stated “that the prevailing climate of litigation poses significant challenges for plan sponsors and fiduciaries… [and] much of this litigation has focused on well-designed plans with prudent processes, with the challenges often ultimately failing, but not before significant resources have been expended in defense.”[7]In an effort to address the foregoing, the Proposed Rule sets forth a non-exhaustive list of six factors that, if objectively, thoroughly and analytically considered by a plan fiduciary, give rise to a presumption of prudence. While the DOL labeled this a “safe harbor,” it is important to note that it does not completely insulate fiduciaries from litigation-related risks associated with the selection of investment options. In practice, plaintiffs claiming that a fiduciary breached its duty of prudence when selecting an investment option may now need to specifically address deficiencies relating to the factors set forth in the “safe harbor.”

The six factors set forth in the Proposed Rule are as follows:

1. Performance: The fiduciary must consider a reasonable number of similar investment options and conclude that the selected option enables participants to maximize risk-adjusted returns over an appropriate time horizon (net of anticipated fees and expenses). In short, fiduciaries should prioritize risk-adjusted outcomes over appropriate timelines instead of chasing the highest returns.
2. Fees: The fiduciary must consider a reasonable number of similar investment options and determine that the relevant fees and expenses are appropriate taking into consideration risk-adjusted returns and any other “value” (e.g., benefits, features or other services). The examples emphasize that the analysis relating to fees is value-driven, not purely a cost-minimization exercise, permitting higher-fee options where supported by enhanced features but treating as imprudent failure to account for identical lower-cost alternatives.
3. Liquidity: The fiduciary must determine that the investment option provides sufficient liquidity to meet the needs of the 401(k) plan and the individual participants.^[8] The examples provided by the DOL clarify that the liquidity analysis is context-specific and two-tiered (participant and plan level), allowing for investments with redemption restrictions or illiquid assets where fiduciaries evaluate liquidity risk through regulatory frameworks, independent diligence, or comparable risk management programs, and balance those constraints against the investment’s value proposition. This determination may also require consideration of operational constraints, including participant transaction frequency. The examples cite the plan fiduciary’s ability to rely on written representations from the manager of the investment option regarding liquidity characteristics.
4. Valuation: The fiduciary must determine that the investment option is capable of being timely and accurately valued in accordance with the underlying needs of the 401(k) plan. The DOL emphasized that fiduciaries must ensure that valuation processes are reliable, timely, and independent, with particular support for reliance on market-based pricing, audited fund disclosures, or independent valuation frameworks (referencing ASC 820[9] for illiquid assets). Conversely, processes that rely on conflicted or proprietary valuations without independent safeguards are unlikely to satisfy this factor.
5. Performance Benchmarks: The fiduciary must determine that the investment option has a meaningful benchmark and compare the risk-adjusted returns to such benchmark. The DOL’s examples illustrate that benchmarks must be truly comparable in strategy, risk and objectives, rather than generic indices, and fiduciaries may utilize custom or composite benchmarks (including for alternative assets) where necessary to enable an appropriate comparison.
6. Complexity: The fiduciary must assess whether they have the skill, knowledge, experience and capacity to evaluate the investment option and, if not, should retain a third-party investment manager or advisor (under Sections 3(21) or 3(38) of ERISA) who is sufficiently experienced with respect to such investment option. In essence, fiduciaries are not precluded from selecting complex investment options, but must be able to demonstrate that they have met the prudence threshold. Under the examples, engaging qualified third-party fiduciaries may, in certain cases, be indicative of a prudent process.

Under ERISA, documentation is an important element of demonstrating compliance with the duty of prudence. With the introduction of the “safe harbor,” plan fiduciaries will want to document consideration of (and determinations relating to) the factors described above in order to preserve the presumption of prudence.

What Regulatory Clarifications Are Set Forth in the Proposed Rule?

The Proposed Rule does not require plan fiduciaries to incorporate any specific type of asset or asset class into a 401(k) plan’s investment line-up. Instead, the Proposed Rule provides that, so long as a fiduciary follows a prudent process, there are no per se rules relating to alternative assets generally. Under the Proposed Rule, a 401(k) plan fiduciary must select an investment line-up that allows participants to maximize risk-adjusted returns across the investments held in their plan accounts.

Consistent with existing guidance, the DOL emphasized the need for fiduciaries to engage in a prudent process and to consider all relevant facts and circumstances. In connection with these principles, the DOL emphasized that, where a fiduciary lacks the skill, knowledge or expertise to prudently evaluate an investment option, they should retain a third-party fiduciary (i.e., an investment manager and/or advisor under Sections 3(21) and 3(38) of ERISA). ERISA has long required fiduciaries to retain advisors/managers where they lack the requisite expertise to be prudent. However, the Proposed Rule contains an implicit (and, at times, nearly direct) message that the use of a third-party advisor/manager in certain situations can be indicative of a prudent process.

What Comes Next?

While the Proposed Rule represents a significant development, it also raises several ambiguities and questions. The Proposed Rule is subject to a 60-day comment period, which will end on June 1, 2026. We hope to see many of these questions constructively addressed during this comment period. The DOL has specifically asked for commentators to address a number of questions, including the interaction between the “safe harbor” requirements and the protection provided by Section 404(c) of ERISA, which is designed to insulate plan fiduciaries from liability arising out of the investment decisions made by participants. The DOL also asked for comments around various questions relating to the six factors identified in the “safe harbor.” In addition to proposing additional or alternative factors relating to the “safe harbor,” commentators may raise the following:

• One of the examples in the Proposed Rule states that a “collective investment trust” (a CIT) may demonstrate satisfaction of the liquidity factor by representing that it maintains a liquidity program that is “substantially similar” to what is required of mutual funds under the Investment Company Act of 1940 (the 40 Act). CITs are regulated by the Office of the Comptroller of the Currency (the OCC) and are not otherwise subject to the 40 Act. Commentators may ask the DOL to consider providing an alternative path for CITs (e.g., under the OCC) and other non-mutual funds to satisfy the liquidity factor under the “safe harbor.”
• The DOL may be encouraged by commentators to consider adding more examples addressing the concept of “other value” in the context of an evaluation of fees under the “safe harbor.”
• The DOL may be asked to provide additional guidance regarding valuation in the context of non-mutual fund investment options such as CITs.

What Does This Mean for Fund Sponsors and Other Investment Managers?

The Proposed Rule does not usher in any immediate regulatory changes and, as highlighted above, there are several outstanding questions that we hope will be addressed by the DOL prior to issuing a final rule. Against this background, consider the following:

1. Increased Opportunities for Fund Sponsors and Investment Managers: Fund sponsors and investment managers now have a better roadmap for structuring alternative asset-focused investment options tailored specifically for 401(k) plans. Increased interest and demand for investment options with alternatives will present opportunities for fund sponsors and investment managers to potentially gain significant additional assets under management.
2. Impact of the Safe Harbor: The inclusion of the “safe harbor” in the Proposed Rule will likely accelerate the formation of partnerships between fund sponsors, investment managers, and traditional 401(k) platform providers even before a final rule is released. The inclusion of the presumption of prudence in the Proposed Rule may be enough to clear the way for more collaboration. In particular, the new presumption provides a much clearer pathway for 401(k) plan fiduciaries to approve the inclusion of alternative asset-focused investment options for 401(k) plan participants.
3. Safe Harbor Factors: In order to facilitate greater partnership with traditional 401(k) platform providers, fund sponsors may want to incorporate the various “safe harbor” factors into their product development process for any funds or other products targeting 401(k) plans. That would include framing the valuation process for any such investment options to mirror the requirements of ASC 820, and to utilize third party valuation resources where applicable. Similarly, with respect to any such products and funds, fund sponsors may want to consider whether to incorporate a clear methodology to manage liquidity, balancing a liquid bucket and available borrowings to offset the illiquid nature of its expected portfolio of alternative asset investments. Finally, fund sponsors may want to start to consider ways in which the “safe harbor” factors (e.g., benchmarking and liquidity) can be incorporated into existing marketing materials, legal documentation (including written representations (e.g., with respect to liquidity management) and reporting processes, where applicable.
4. Increased Demand for Third Party Fiduciary Advisors and Managers: The DOL’s emphasis on the retention of third party advisors and/or managers (under Sections 3(21) and 3(38) of ERISA) may create opportunities for investment managers and advisors in this space beyond merely managing potential investment options that plan fiduciaries may select. We expect this may create new opportunities for managers with the relevant expertise who may not currently provide services in this space and for smaller, mid-sized managers that are familiar with the alternative asset space, but may lack the size or financial resources to launch tailored investment options to specifically target 401(k) plans.
5. Plan Asset Considerations: The assets of 401(k) plans constitute “plan assets” subject to ERISA. In connection with the development of strategies that facilitate investment by 401(k) plans, fund sponsors, and investment managers may find themselves managing or advising vehicles that are subject to ERISA and/or that need to rely on less familiar “plan asset” exceptions (e.g., the “publicly offered securities” exception instead of the “venture capital operating company” and/or “less than 25%” exceptions). Fund sponsors and investment managers exploring this market and the related developments may wish to familiarize themselves with the compliance considerations involved in operating a “plan asset” ERISA fund (or relying on alternative “plan asset” exceptions noted above), as well as weigh the benefits and challenges of navigating this regulatory terrain.

If You Are a Fiduciary of a 401(k) Plan, What Does This Mean for You?

The Proposed Rule does not require 401(k) plan fiduciaries to take any immediate action. However, there are a few items to consider:

1. Assessing Current Plan: Review current governing documents, investment policy statements, and investment line-ups to determine whether investment options with exposure to alternative assets are permitted and/or currently held by the 401(k) plan.
2. Review Documentation Practices: Consider whether processes and procedures may need to be enhanced to adequately document fiduciary deliberations and comparisons across the “safe harbor” factors (e.g., in committee materials and minutes).
3. Evaluating Fiduciary Capabilities: Evaluate whether the 401(k) plan’s current fiduciaries (g., retirement committee or third-party investment advisor/manager) have the requisite expertise to select, evaluate, and monitor investment options with exposure to alternative assets.
4. Consult with Current Advisors: Consult with current advisors and/or managers of the 401(k) plan regarding the impact of the Proposed Rule on the 401(k) plan and to discuss next steps in anticipation of a final rule.

Conclusion

Commentators will engage with the DOL in the coming months regarding these and other considerations relating to the Proposed Rule. The 60-day comment period presents a narrow but important window to shape the final rule.

ENDNOTES

[1] See the Proposed Rule available at https://www.federalregister.gov/documents/2026/03/31/2026-06178/fiduciary-duties-in-selecting-designated-investment-alternatives.

[2] See the Executive Order available at https://www.whitehouse.gov/presidential-actions/2025/08/democratizing-access-to-alternative-assets-for-401k-investors/.

[3] See the Proposed Rule.

[4] ERISA’s duty of prudence requires fiduciaries to act with the care, skill, prudence and diligence under the circumstances then prevailing that a prudent person acting in a like capacity and familiar with such maters would use in the conduct of an enterprise of a like character and with like aims. See Section 404(a)(1)(B) of ERISA.

[5] In the preamble to the Proposed Rule, the DOL stated that it intends to issue additional guidance relating to the duty to monitor investment options. Once finalized, the principles set forth in the Proposed Rule will govern the duty to monitor until additional guidance is released. See preamble to Proposed Rule.

[6] See 29 C.F.R. 2550.404a-1 and the Proposed Rule.

[7] See Proposed Rule.

[8] With respect to participant-level liquidity, the examples address liquidity in the context of a mutual fund registered as an investment company with the U.S. Securities and Exchange Commission under the Investment Company Act of 1940 by reference to a written liquidity risk management program required by rule 22e-4. In the context of other funds, including “collective investment trusts,” the example references utilizing a “substantially similar” liquidity risk management program. See the Proposed Rule.

[9] The Financial Accounting Standards Board Accounting Standards Codification 820, titled Fair Value Measurement.

This post is based on a Cleary Gottlieb Steen & Hamilton LLP memorandum, “Dear Prudence: Does the DOL’s Proposed Rule Signal a Brand-New Day for 401(k)s and Alternative Assets?” dated April 2, 2026, and available here. 

This isn’t a future risk. It exists today. And too many of the people responsible for governing the companies most exposed to it are sitting in boardrooms without a plan.

Three years ago, I started warning that there are no adults in the room on AI, that the companies building these systems answer to almost no one, and that boards of the companies being transformed by AI don’t have the tools to govern it. The numbers confirm the danger. Two-thirds of directors say their boards don’t know enough about AI (EY, 2025). Only 26% discuss it at every board meeting (Protiviti/BoardProspects, 2026), and just 27% have formally added AI governance to their committee charters (NACD, 2025). The Conference Board reports that the share of large-cap public companies disclosing AI as a material risk jumped from 12% in 2023 to 83% in 2025, while only 23% of directors describe themselves as fluent in it (Conference Board, 2026). The fluency gap is now embedded in SEC filings. The EU AI Act applies to any company whose AI touches the EU market, and directors face personal liability if oversight is found lacking. Yet the act regulates systems, not the boardrooms that govern them. The United States provides no federal AI governance framework, which makes board-level governance not optional but the primary line of defense.

In a recent working paper, we offer a practitioner-focused framework designed to close that gap.

Governance Fails in Two Directions

In our advisory work, we see two types of flawed boards worldwide. The “clueless board” has never seriously discussed AI, delegates everything to the chief technology officer, and gets a sanitized two-page update once a quarter. Investment decisions get approved without scrutiny or deferred indefinitely. What follows is value leakage: scattered experimentation, incoherent investment, and competitors capturing the value that incumbents leave on the table. Though perhaps invisible in the short term, , the consequences can be devastating over time.

Then there is the “FOMO board,” which chases every AI opportunity because competitors are pushing for rapid deployment before controls, data infrastructure, and the operating model are ready. What follows is value destruction: algorithmic discrimination, misleading AI claims, data breaches from unapproved tools, and regulatory action. Under Delaware’s Caremarkstandard, boards have a fiduciary duty to implement and monitor reporting systems for critical risks. AI is rapidly becoming such a risk. While the consequences of a clueless board can be invisible, at least at first, those of the FOMO board generate headlines and lawsuits.

Most boards are like clueless and FOMO boards to some degree, moving too slowly to capture value and too carelessly to manage risk. And their behavior can raise Caremark concerns, with clueless boards failing the duty to implement a reporting system and FOMO boards failing the duty to monitor that system once it exists.

Nora Denzel, lead independent director at AMD and a director at Sony Group, Gen Digital, and NACD, coined a useful term for this: “I call it vibe governance. We have a policy, we follow a framework, we train our employees, we bought a tool. It’s reassuring. But who owns the outcome, what controls are in place, and what evidence shows they work?”

Five Responsibilities, None of Them New

AI governance doesn’t require inventing new board duties. It requires applying established duties under changed conditions. Drawing on the UK Corporate Governance Code, G20/OECD Principles and U.S. governance doctrine, we organize the board’s AI-related work into five responsibilities: (1) purpose, ethics, and compliance; (2) business model and strategy; (3) assets, capabilities, and capital allocation; (4) risk profile; and (5) leadership selection, evaluation, and succession.

We bundle purpose, ethics, and compliance because AI uniquely widens the gap between what is legal, what is operationally feasible, and what is consistent with the firm’s purpose. We separate assets and capabilities from strategy because in AI, execution constraints—data quality, process standardization, talent—are often decisive, even when strategic direction is sound.

The STAR Framework

Boards can’t review each responsibility from scratch at every meeting. They need a small set of recurring questions that cut across all five and can be applied consistently quarter after quarter. We developed the STAR framework for this purpose.

S: Shareholder Value Thesis. Where exactly will AI create or destroy value, who will be responsible for the outcome, and under what conditions do we stop or scale back? AI investments should face the same discipline as any other capital allocation decision.

T: Threat Parity. Are our defenses evolving as fast as AI-powered threats? After Mythos Preview—the AI agent that autonomously breached its own testing environment—this isn’t theoretical. Deepfake fraud, automated vulnerability exploitation, and attacks targeting AI systems themselves are no longer rare cases. If the board hasn’t asked whether security governance keeps pace with the threat environment, the company is exposed.

A: Ability. Can we actually execute? Do we have the data quality, process readiness, and talent to move beyond pilots? Too many organizations buy licenses, launch pilots, and declare victory. Real adoption means AI embedded in redesigned workflows, not bolted onto broken processes.

R: Risk Budget. Have we explicitly defined where AI risk is acceptable, where it isn’t, and who is accountable when something goes wrong? The best-governed organizations treat AI risk like a portfolio: explicit green, yellow, and red lanes, clear no-go zones, and a named executive accountable for every high-impact system.

Both types of flawed boards map directly on to STAR. The clueless board is a failure of S and A: no value thesis, no honest assessment of organizational readiness. The FOMO board is a failure of T and R: deployment without controls, no risk tiers, no one accountable. STAR ensures neither goes undetected.

Here’s the key insight: STAR treats risk as a portfolio to manage, not a danger to be eliminated. The question isn’t “is AI risky?” but “can we manage its risks well enough to capture the value?” Think of it like credit risk in banking. Good banks don’t reject all loans. They price risk correctly and hold appropriate reserves. Good AI governance doesn’t reject all use cases. It assesses the dangers, applies proportionate controls, and keeps decision receipts.

Making Governance Operational

Frameworks are only useful if someone is responsible for them. We recommend distributing AI governance across existing committees rather than concentrating it in a single new one. Risk committees deal with controls and risk appetite. Audit committees handle assurance and disclosure accuracy. Human capital committees address workforce impact and leadership readiness. Strategy

Each STAR question maps on to a few quarterly indicators with clear escalation rules. Few boards receive this kind of reporting today, but those that govern AI well will demand it. For Shareholder Value Thesis: where AI is creating measurable value, where it isn’t, and where spending is rising without results. Escalate when spending rises but impact stays flat. For Threat Parity: how well controls keep pace with AI-powered threats, and where unauthorized AI use is appearing inside the company. Escalate when a high-risk system shows a control gap. For Ability: whether the organization can actually execute, including data quality, talent, and how deeply AI is being used. Escalate when rollouts stall. For Risk Budget: which AI use cases the board has approved, where overrides are happening, and any incidents. Escalate when AI is deployed in a use case the board has placed off limits.

Governance Isn’t a Brake but Power Steering.

Boards that treat AI purely as a compliance exercise may watch their companies become irrelevant. The real competitive threat isn’t that AI will go wrong. It’s that competitors will get AI right faster. Boards need to equip their companies to move as quickly as possible, with guardrails that enable speed rather than prevent it.

Some boards freeze because they felt they didn’t know enough about AI to push back on management. Others wave through AI initiatives because nobody wanted to be the person who slowed things down. Both are failures of governance. Both destroy value.

An AI model capable of bringing down a major corporation isn’t a future scenario. It exists today. The question is whether the people in the boardroom are equipped to deal with what comes next. The boards that govern AI well won’t necessarily have the most sophisticated technology committees. They’ll ask the right questions, insist on evidence, and hold management accountable. From principles to proof. Power steering, not a brake.

Robert Maciejko is the founder of the Board AI Institute, a member of the INSEAD AI Advisory Group, and co-founder of INSEAD AI. Henk S. de Jong is executive fellow at IESE/ISE/AESE Business School and a board member and former CEO of Versuni/Philips. Sampsa Samila is a professor of strategic management at AI at IESE Business School. Christoph Wollersheim is co-lead of AI practice in the U.S. at Egon Zehnder. This post is based on their recent article, “Power Steering, Not a Brake: How Boards Should Actually Govern AI,” available here.

In a recent article, I observe that recent decisions in Delaware’s Court of Chancery and Supreme Court reveal a palpable judicial discomfort with entrepreneurial corporate governance.  This is primarily because entrepreneurs, and the governance norms they operate under, tend to eschew managerial process in favor of quick and decisive action.  In other words, entrepreneurial corporate governance does not look like the model of deliberation and process constructed through years of careful judicial development in the nation’s premier corporate jurisdiction.

This has put major pressure on Delaware courts as they have confronted aggressive entrepreneurs in recent blockbuster decisions including Tornetta v. Musk,[9] Palkon v. Maffei,[10] In re Match Group Derivative Litigation,[11] and West Palm Beach Firefighters’ Pension Fund v. Moelis.[12]  I argue that these cases, among others, reflect judicial inhospitality to entrepreneurial corporate governance in favor of more traditional corporate governance norms I call “process managerialism.”  Finally, notwithstanding recent aggressive legislative interventions,[13] I propose a synthesis where Delaware courts can let go of that inhospitality while maintaining the important values at the heart of Delaware’s process-oriented doctrine.

Insistence on Process and Inhospitality to Entrepreneurs

Delaware corporate law is enabling in the sense that it contains numerous judicially and legislatively validated processes for carrying out business decisions that will insulate the decisionmakers from judicial second-guessing.  The business judgment rule, for example, evaluates whether directors created a record of the decision process that reveals meaningful deliberation and shows that the directors are free from conflicts of interest, thus presumptively fulfilling their duties of care and loyalty, respectively.  Even in the most sensitive conflicts—those between a controlling shareholder and the minority—Delaware courts developed a framework for “cleansing” the transaction of the controller’s conflict through an independent board committee and a fully-informed shareholder vote.[14]

Over time, each of these simple-sounding processes grew more complex, especially as to the duty of loyalty.  For example, a conflict of interest need not be only a material, financial interest, but could simply be too much personal loyalty to another director who might have such an interest.  The application of this notion of independence to each director at every stage became an all-encompassing, open-ended question.  A failure of independence, then, means a failure of process, and full judicial airing of the business decision.  Delaware law shifted, imperceptibly, from the above framing (managers can do anything as long as they follow the process) to a new one: Managers can’t do anything without getting every detail of a long process perfect.

As this shift was accelerating, Silicon Valley-style move-fast-and-break-things entrepreneurialism was having a moment.  The two collided in 2024 and 2025, with the Musk, Moelis, Maffei, and Match Group decisions.  Delaware chancellors invalidated Elon Musk’s pay package, invalidated Ken Moelis’ self-empowering shareholder agreement, and preserved potential financial liability for Greg Maffei’s move to Nevada. Meanwhile, the Delaware Supreme Court held Match Group’s board ineligible for business judgment-rule protection for a spin-off transaction due to one person (on a unanimous three-person committee) later being found to have lacked independence from the controlling shareholder.  In each case, Delaware courts chastised managers for their insufficient adherence to various processes.  Entrepreneurs, who move quickly and decisively, were simply executing under corporate governance norms that facilitate that kind of decision-making.  Unfortunately, these norms are uncomfortably at odds with Delaware’s doctrines.

Room for Entrepreneurs?

Unequivocally, Delaware’s processes protect important values in corporate law: managerial accountability, fairness in the distribution of corporate largesse, and, put simply, assurance that  the minority shareholders get what they bargained for when they invested.  Judicial review of boards’ decision processes is a good middle way between substantive judicial review and no judicial review for ensuring the above values are vindicated.  If the court can discern that the board followed a good process, it indirectly vindicates the shareholders’ interests while placing less of a burden on the board to justify the substance of the decision.  The balancing act breaks down if the courts too strongly perceive a lack of process as a reason to be skeptical about the substance.  When entrepreneurial managers act decisively instead of deliberatively, the court could always review the decision substantively and conclude the directors are not liable—indeed, Delaware courts have done so and ruled in favor of the directors before.[15]  But, too often in recent years, the perceived inattention to process has driven the substantive analysis to fail, too.

There is a way to restore the balance.  I propose that Delaware courts grant entrepreneurial firms and their management more flexibility in the absence of true signs of shareholder harm such as fraud, appropriation of minority shareholder investment, and opportunism.  For example, simply being unable to find an “independent enough” director does not automatically result in shareholder harm.  A highly paid entrepreneurial executive does not equate to a misappropriation of value from the shareholders to the executive.  And not every fast and decisive corporate action is opportunistic.  Indeed, sometimes shareholders in entrepreneurial corporations invest because they want decisive, bold, and even risk-taking entrepreneurial management.  Recognizing the value of the entrepreneurial approach in some corporations, as opposed to a one-size-fits-all process-managerialist one, can restore the balance that made Delaware law the envy of the corporate world.

ENDNOTES

[1] In re Walt Disney Co. Deriv. Litig., 906 A.2d 27 (Del. 2006).

[2] Smith v. Van Gorkom, 488 A.2d 858 (Del. 1986).

[3] Kahn v. M&F Worldwide, Corp., 88 A.3d 635 (Del. 2014).

[4] West Palm Beach Firefighters’ Pension Fund v. Moelis & Co., 311 A.3d 809 (Del. Ch. 2024).

[5] Maffei v. Palkon, 339 A.3d 705 (Del. 2025).

[6] Moelis, 311 A.3d at 822.

[7] Kahn, 88 A.3d at 635.

[8] Maffei, 339 A.3d at 705.

[9] 310 A.3d 430 (Del. Ch. 2024); 326 A.3d 1203 (Del. Ch. 2024); rev’d In re Tesla Motors Deriv. Litig., 351 A.3d 1005 (Del. Dec. 19, 2025).

[10] 311 A.3d 255 (Del. Ch. 2025), rev’d Maffei, 339 A.3d 709.

[11] 315 A.3d 446 (Del. 2024)

[12] Moelis, 311 A.3d at 809.

[13] S.B. 313, 152nd Gen. Assemb., Reg. Sess. (Del. 2024); S.B. 21, 153rd Gen. Assemb., Reg. Sess. (Del. 2025)

[14] Kahn, 88 A.3d at 635.

[15] See, e.g., In re Trados Corp. Shareholder Litig, 73 A.3d 17 (Del. Ch. 2023) (Laster, J.).

Martin Edwards is an assistant professor at the University of Mississippi School of Law. This post is based on his recent article, “Entrepreneurialism, Process Managerialism, and the Trajectory of Delaware Law,” available here.

Comments on the NPR are due by June 9, 2026.

Overview

The NPR would provide important clarity regarding AML/CFT and sanctions-compliance obligations applicable to PPSIs. In addition to implementing express provisions of the GENIUS Act—such as updating FinCEN’s definition of “financial institution” to include PPSIs—the NPR also would address important areas of uncertainty under the GENIUS Act and with respect to AML and sanctions-compliance matters in the digital asset space more broadly. Notably, the NPR would establish a distinction between primary- and secondary-market payment stablecoin transactions and delineate the compliance obligations of PPSIs with regard to transactions occurring in the secondary market. More broadly, the NPR seeks to balance the burdens of compliance against anticipated financial-crime reduction, consistent with the administration’s efforts to recalibrate financial crime compliance frameworks to promote a risk-based approach focused on core policy goals rather than mere technical compliance.

Analysis

Primary Market v. Secondary Market

The NPR would define “primary market” and “secondary market” payment stablecoin activities and clarify the AML/CFT and sanctions-compliance obligations applicable to PPSIs with respect to each type of activity.

• Primary Market. FinCEN and OFAC would define “primary market” activities to include a “PPSI interacting directly with the user or holder of a payment stablecoin.”[2] For example, a PPSI that is “issuing, converting, redeeming, repurchasing, burning, and reissuing” would be engaged in primary-market transactions.
• Secondary Market. In contrast, “secondary market” activities would describe “any payment stablecoin activity that does not directly involve the PPSI as a party to the transaction, other than via a smart contract.”[3] Activities such as an individual purchasing stablecoins from an intermediary or engaging in person-to-person transactions in payment stablecoins would be considered secondary-market activity.

FinCEN and OFAC propose that certain requirements to which financial institutions are customarily subject would be required of PPSIs only when engaged in primary-market activity. These would include complying with Customer Due Diligence (“CDD”) requirements; reporting beneficial ownership information to FinCEN; and filing suspicious activity reports (“SARs”).[4]

Notably, however, the NPR would provide that a PPSI’s obligation to “to block, freeze, and reject” certain transactions “extends beyond a PPSI’s customers and accounts, i.e. to secondary market activity.”[5] The GENIUS Act requires that PPSIs have the “technical capabilities, policies, and procedures to block, freeze, and reject specific or impermissible transactions that violate Federal or State laws, rules, or regulations.”[6] The Act also requires that PPSIs have the “technological capability to comply . . . with the terms of any lawful order.” The NPR would establish the contours of both (1) a PPSI’s obligations to “block, freeze, and reject” transactions effected on primary and secondary markets; and (2) the meaning of the term “lawful order,” which includes various legal actions that “require[] a person to seize, freeze, burn, or prevent the transfer of payment stablecoins issued by the person.” In justifying the extension of certain of these PPSI obligations to cover transactions that occur in the secondary market, the NPR sets out its reasons for concluding that these obligations would have limited effectiveness if they were to apply only to primary market transactions.[7]

• Obligation to “block, freeze, and reject” transactions. The NPR would require PPSIs to have the technology necessary to block, freeze and reject transactions on both the primary and secondary markets involving payment stablecoins they issue.[8] The NPR describes that some stablecoin issuers already implement these capabilities through the programming of smart contracts. However, the NPR would not prescribe how PPSIs must satisfy the obligation to “block, freeze, and reject.” Rather, it recognizes that “PPSIs are best positioned to determine how to effectively and efficiently comply with the obligation.” The NPR explains that the actual circumstances in which these “technological capabilities” will be deployed will be dictated by “federal or state laws, rules, or regulations, as well as court orders, some of which will require PPSIs to take action with regards to transactions occurring on the secondary market.”[9] Nonetheless, FinCEN and OFAC describe the obligation of PPSIs to block, freeze and reject transactions as applying principally in the context of economic sanctions administered by OFAC.
• “Lawful order.” The NPR’s definition of “lawful order” would be nearly identical to the definition provided in the GENIUS Act itself.[10] Nonetheless, FinCEN and OFAC’s discussion of the term would clarify compliance obligations for PPSIs. First, PPSIs would be expected to take action to comply with lawful orders pertaining to both primary- and secondary-market activities involving payment stablecoins they issue. Second, although the NPR would not define the term “burn” (an action that could be required under the terms of a “lawful order”), the NPR explains that the term “is generally understood in the industry and by law enforcement to mean taking action such that the payment stablecoin is permanently removed from circulation, which can be effected through different tactics.” Third, the NPR notes that a “quintessential type of lawful order . . . would be a seizure warrant.” Such warrants “frequently include requirements to respond within a certain amount of time and prohibitions on frustrating the[ir] implementation.”[11]

Of note, the NPR states that “most of the illicit activity involving stablecoins occurs on the secondary market,” and that extending the obligations of PPSIs to address to secondary-market activity “is consistent with the GENIUS Act.”[12] Although the NPR is subject to comments, the proposed requirement that PPSIs must meet compliance obligations in relation to secondary market transactions addresses a key outstanding point of uncertainty that had existed regarding the GENIUS Act’s implementation.[13]

Sanctions-Compliance Requirements in Secondary-Market Transactions

Among the most noteworthy aspects of the NPR are the sanctions-compliance obligations that would be imposed on PPSIs with regard to secondary-market transactions involving payment stablecoins that they issue. The NPR would confirm that because PPSIs must be U.S. persons under the GENIUS Act (i.e., they must be legal entities “formed in the United States”[14]), they will be “subject to the same U.S. sanctions obligations that currently apply to all other U.S. persons, including those that are stablecoin issuers.”[15]The NPR further specifies that:

[A] U.S. person stablecoin issuer would engage in a prohibited provision of services to a blocked person if it allowed the blocked person to engage with the stablecoin issuer’s smart contract to facilitate trades of stablecoins on the secondary market. In this instance, the stablecoin issuer would also be required to block such stablecoins because the blocked person has an interest in the stablecoins, which the issuer controls via its smart contract.[16]

This explanation clarifies that according to the terms of the NPR a PPSI would “control” a stablecoin in the secondary market through its smart contract.

The NPR also describes, with respect to a PPSI’s obligations to “block, freeze, and reject” transactions, that PPSIs would be subject to sanctions-compliance requirements for both primary- and secondary-market transactions. The NPR notes that U.S. sanctions are a strict-liability regime, such that PPSIs may be held civilly liable for violations “even without having knowledge or reason to know that it was engaging in such a violation.”[17] It then says that PPSIs would be required:

to have technical capabilities, policies, and procedures to identify and block stablecoins traded by blocked persons on the secondary market when PPSIs exercise possession or control of such stablecoins, including through smart contracts.[18]

When coupled with earlier references to strict liability, the phrase “traded by blocked persons” could be read to suggest that PPSIs would be expected to screen both primary- and secondary-market transactions involving their payment stablecoins not only for wallets and accounts already included on OFAC’s SDN List, but also for whether the persons engaging in the transactions are themselves blocked or otherwise targets of sanctions. However, it is not clear the extent to which PPSIs would be able to identify whether a transaction involves a sanctioned party if the relevant wallet addresses are not listed on OFAC’s SDN List, and if the addresses otherwise are not known to the PPSI (e.g., because they are wallet addresses associated with existing customers of the PPSI). Nonetheless, the reference to “control . . . through smart contracts” again indicates that PPSIs would be considered to “control” stablecoins they issue, including when they are transferred and held on the secondary market, including by persons that are not customers of a PPSI.

The GENIUS Act itself does not address the extent to which PPSIs must comply with U.S. sanctions in respect of secondary-market transactions. The NPR would resolve this uncertainty by providing that (1) PPSIs would be responsible for both identifying and taking appropriate action in instances in which sanctioned persons hold or trade their stablecoins, and (2) failing to take appropriate action could expose PPSIs to the risk of criminal penalties and civil penalties imposed on a strict-liability basis.[19]

Anti-Money Laundering Obligations

As noted above, the NPR would define PPSIs as a type of financial institution subject to regulation under the Bank Secrecy Act (“BSA”), as required in the GENIUS Act. The NPR would set out AML program requirements for PPSIs, and the NPR describes that FinCEN “proposes to impose on PPSIs an AML/CFT program obligation consistent with the program being proposed” for financial institutions currently covered by the BSA. This statement references FinCEN’s separate notice of proposed rulemaking issued on April 7, 2026 (the “Program Rule”). The Program Rule proposes to recalibrate AML/CFT program requirements to provide financial institutions with greater flexibility to allocate compliance resources towards higher-risk activities and away from lower-risk activities. Similarly, the Program Rule proposes to reduce the impact on financial institutions of overly burdensome “red tape” by de-emphasizing policing of minor program deficiencies. The overall principles reflected in the Program Rule are reiterated in the NPR’s discussion of AML program requirements for PPSIs. The NPR would encourage PPSIs to direct “more attention and resources toward higher-risk customers…rather than lower-risk customers and activities.”[20] Both the NPR and the Program Rule signal a shift in FinCEN priorities away from a mere “check-the-box” compliance approach toward programs that support the underlying goals of the BSA.

Against this backdrop, the NPR outlines expectations for PPSI compliance with certain key BSA obligations, including:

• Customer Due Diligence Requirements. PPSIs would be required to undertake CDD for primary-market activity as a part of their AML/CFT compliance programs.[21] PPSIs would need to establish “appropriate risk-based procedures” to “understand[] the nature and purpose of customer relationships for developing a customer risk profile” and conduct “ongoing monitoring to identify and report suspicious transactions.”[22] The NPR explains that “PPSIs may also need to consider information more narrowly tailored to the stablecoin market, including both information available from public blockchains and relevant off-chain considerations.”[23] The NPR would “not contempla[te] application of CDD to secondary market activity”[24]—and would not “impose a standalone independent obligation on a PPSI to monitor secondary market transactions.” Nonetheless, FinCEN notes that “consideration of such activity may be appropriate in the PPSI’s development and maintenance of a customer risk profile.”[25]
• Beneficial Ownership Information Reporting. The NPR would subject PPSIs to the same identity verification procedures for beneficial owners of legal entity customers as apply to banks. FinCEN describes that, for the purposes of the requirement, an “account” would be any formal relationship between a customer and a PPSI for the provision of financial services.[26] As with CDD, this requirement would not extend to secondary-market activity.[27]
• Suspicious Activity Report Filing. The NPR includes a lengthy discussion of whether SAR reporting should be required for secondary-market activities involving payment stablecoins. Ultimately FinCEN assessed that “the burden of requiring PPSIs to file SARs concerning secondary market activity would potentially outweigh the likely benefits.”[28] Instead PPSIs would be required to file SARs only on primary-market transactions. Outside of the context of payment stablecoins, financial institutions are generally required to file SARs on transactions conducted or attempted “by, at, or through” the institution. To make clear that PPSIs are not required to file SARs for secondary-market transactions, the NPR would specify that, for the purposes of SAR filing, a transfer is not a “transaction” through a PPSI if the PPSI is only interacting with the transaction through a smart contract.[29]

FinCEN invites comments with respect to these provisions, with a particular focus on whether they strike the appropriate balance between addressing financial crime risks and minimizing burdens, while tailoring requirements to the “size and complexity” of issuers.[30] In addition (and consistent with similar guidance outlined in the April 7, 2026 Program Rule proposal), the NPR would establish that FinCEN would be unlikely to pursue an enforcement action against a PPSI for AML/CFT program violations unless there is evidence of a “significant or systemic failure” to implement a functioning AML program.[31] Moreover, FinCEN would require other federal agencies contemplating pursuing AML/CFT supervisory action against a PPSI to consult with FinCEN before initiating any action.[32]

Sanctions-Compliance Program Requirements

The GENIUS Act represents the first time any U.S. person will be required in regulation to establish and maintain a sanctions-compliance program.[33] In general, U.S. persons must comply with OFAC’s sanctions regime, but OFAC’s regulations have not historically specified how they must do so—that is, U.S. persons may be penalized on a strict-liability basis for substantive violations of OFAC sanctions, but not for failing to maintain a sanctions-compliance program. In establishing the new legal requirement for PPSIs, the NPR utilizes and builds on concepts in prior OFAC guidance, including A Framework for OFAC Compliance Commitments(2019), Sanctions-Compliance Guidance for the Virtual Currency Industry (2021), and certain previously issued FAQs. Under the proposal contained in the NPR, OFAC would establish not only recordkeeping and reporting requirements to align with a PPSI’s status as a U.S. person, but also five general pillars of an effective sanctions-compliance program. These pillars are based on the 2019 Framework and include the following: (1) senior management and organizational commitment; (2) risk assessment; (3) internal controls; (4) testing and auditing; and (5) training.[34]

OFAC would mandate these five elements as part of an effective program, but would refrain from imposing specific guidelines or requirements as to how these elements should be implemented in order to allow for compliance programs to be tailored to the size and complexity of each PPSI.[35] The NPR describes that penalties for sanctions violations would be consistent with those described by both the GENIUS Act and IEEPA. Accordingly, PPSIs that fail to maintain an effective sanctions-compliance program could be subject to “civil monetary penalties of no more than $100,000 per day where the PPSI knowingly violates the requirement to maintain an effective compliance program.”[36]

Comments and Effective Date

FinCEN and OFAC request comments on the NPR, with comments due by June 9, 2026. FinCEN and OFAC have identified several areas with respect to which they solicit particular focus by commenters, including the extent to which a PPSI’s AML program should account for risks in the secondary market.[37]

The NPR describes that the final rules will become effective 12 months after issuance. The GENIUS Act, including its financial crimes-related provisions, will take effect on the earlier of 18 months from enactment (i.e., January 18, 2027) and 120 days after the date on which the primary federal payment stablecoin regulators issue any final regulations implementing the statute.[38]

ENDNOTES

[1] Permitted Payment Stablecoin Issuer Anti-Money Laundering/Countering the Financing of Terrorism Program and Sanctions-Compliance Program Requirements, 91 Fed Reg. at 18,582 (Apr. 10, 2026).

[2] 91 Fed Reg. at 18,585.

[3] Id.

[4] Note, the NPR’s expectations with regard to these obligations is discussed in greater detail below.

[5] 91 Fed. Reg. at 18,604.

[6] 12 U.S.C. §5903 (a)(6).

[7] The NPR includes a lengthy recitation of financial crime associated with stablecoins, focusing especially on secondary-market activity. See 91 Fed. Reg. 18,586-18,588.

[8] FinCEN does not draw any distinction between “block,” “freeze” and “reject” but is requesting comment on whether additional clarity is needed. See 98 Fed. Reg. at 18,621.

[9] 91 Fed. Reg. at 18,605.

[10] The NPR would replace references to “a person” with the definition of that term in the GENIUS Act (i.e., “an individual, partnership, company, corporation, association, trust, estate, cooperative organization, or other business entity, incorporated or unincorporated”). See 12 U.S.C. § 15901(24).

[11] 91 Fed. Reg. at 18,605.

[12] Id.

[13] The NPR addresses requirements for PPSIs and does not address foreign payment stablecoin issuers (“FPSIs”)—a separate category of stablecoin issuers contemplated by the GENIUS Act.  The GENIUS Act indicates that an FPSI must have the “technological capability to comply . . . with the terms of any lawful order,” among other requirements. 12 U.S.C. § 5902(b)(2), 5907(a). In the NPR, FinCEN asks: “Are there particular requirements that FinCEN has proposed to apply to PPSIs that should or should not apply to foreign payment stablecoin issuers?”

[14] 12 U.S.C. § 5901(23).

[15] 91 Fed. Reg. at 18,588.

[16] 91 Fed. Reg. at 18,589.

[17] 91 Fed. Reg. at 18,605.

[18] Id.

[19] The NPR contains extensive discussion of financial crime associated with stablecoins, including several examples of sanctions evasion can be found at 91 Fed. Reg. at 18,588.

[20] 91 Fed. Reg. at 18,597.

[21] See 91 Fed. Reg. at 18,604.

[22] 91 Fed. Reg. at 18,600.

[23] 91 Fed. Reg. at 18,601.

[24] 91 Fed. Reg. at 18,604.

[25] 91 Fed. Reg. at 18,601.

[26] 91 Fed. Reg. at 18,604.

[27] Note, the NPR states that “FinCEN anticipates further modifications to its proposed language based on its expected forthcoming rulemaking implementing the GENIUS Act’s requirement that PPSIs maintain customer identification programs.” Id.

[28] 91 Fed. Reg. at 18,607.

[29] 91 Fed. Reg. at 18,608. The NPR would require SAR filing for transactions above $5,000 in funds or other assets. Id. This increases the $2,000 threshold currently applicable to stablecoin issuers that are “money services businesses” under FinCEN’s regulations, based on FinCEN’s assessment that primary stablecoin market transactions are rarely below $5,000. Id.

[30] Tailoring AML/CFT and sanctions-compliance requirements to the “size and complexity” of PPSIs is required under the GENIUS Act. 12 U.S.C. § 5903(a)(5)(B).

[31] 91 Fed. Reg. at 18,604. Note that this change applies only for program violations and might not indicate an adjustment of enforcement priorities for other violations of AML policy.

[32] The NPR proposes that federally regulated PPSIs will be examined with respect to compliance with the BSA and its implementing regulations by a primary Federal payment stablecoin regulator and that PPSIs subject to a state regulatory regime would be subject to such examination by the Internal Revenue Service. See 91 Fed. Reg. at 18,596.

[33] 91 Fed. Reg. at 18,613 (“The sanctions-compliance program requirement in the GENIUS Act, however, represents the first time that Federal law has explicitly mandated that a particular U.S. person have an effective sanctions-compliance program”); see 12 U.S.C. § 5903(a)(5)(A)(vi).

[34] 91 Fed. Reg. at 18,615.

[35] 91 Fed. Reg. at 18,614.

[36] The NPR defines “knowingly” to mean “that a person has actual knowledge, or should have known, of the conduct, the circumstance, or the result.” 91 Fed. Reg. at 18,619.

[37] 91 Fed. Reg. at 18,620.

[38] 12 U.S.C. § 5901 note.

This post is based on a Sullivan & Cromwell LLP memorandum, “GENIUS Act Implementation – FinCEN, OFAC Propose Rule on AML and Sanctions-Compliance Requirements,” dated April 17, 2026, and available here. 

In a new article, I focus on the particular fit between private equity and defined contribution (DC) retirement plans, as largely regulated by the federal Employee Retirement Income Security Act (ERISA). I offer two primary arguments for why the current efforts to allow (DC) plans to invest in private assets are likely to be less successful than their proponents hope.

First, current reform proposals implicitly assume that the primary barrier to the inclusion of private investments in DC plans is plan fiduciaries’ fear of being sued. The proponents of private equity essentially propose to shield plan sponsors from class-action litigation on the belief that 401(k) menus will then add private equity. This is a misunderstanding of how ERISA incentives function. A safe harbor for an asset rarely eliminates risk, much less provides any incentive for plans to adopt that asset. History is instructive here: Multiple agency and legislative safe harbors have been adopted to encourage in-plan annuities, all to essentially no effect. If safe harbors cannot move the needle on annuities—a product widely acclaimed for enhancing retirement security—they are, standing alone, unlikely to do so for a much more controversial asset class such as private equity. By contrast, plans’ embrace of target-date funds, which ostensibly were also the beneficiaries of a safe harbor, was driven by a complex chain of regulatory pushes, starting with IRS antidiscrimination rules.

Second, there are serious and fundamental structural incompatibilities between private equity and defined contribution plans, largely due to the illiquid nature of private equity. In a 2020 report, Professors Scott and Gulliver argued that these issues can be addressed with policy fixes and financial engineering such as in-plan loans and limited-exposure funds.

Although I agree that in-plan loans should be a mandatory feature of DC plans, I argue that the problems created by private equity’s illiquidity run deeper. Because private equity assets are not publicly traded, their reported value relies on periodic manager-made estimates of net asset value rather than real-time market discovery. This makes it difficult, if not impossible, for the typical biweekly investments of 401(k) plan contributions to be made fairly. If an NAV estimate is too high, the employee buying into the fund today receives too few units. If it is too low, the existing participants are diluted. This valuation gap persists during the withdrawal phase as well. Retirees receiving (often required) distributions need accurate NAVs to avoid being shortchanged or overpaid. While private equity has traditionally overcome these issues through manager-timed pro rata capital calls and distributions, such an irregular cash-flow model is fundamentally at odds with the regularity of payments into defined contribution retirement plans, and reliance on manager-led valuations poses risks that are now being realized in the private debt arena.

I do not contend that the inclusion of private equity is inherently a bad for America’s retirement savings system. However, the large-scale adoption—much less the socially constructive deployment—of private assets in defined contribution plans requires more than policy patches such as litigation safe harbors. Rather, it demands a reassessment of how an illiquid asset can be reconciled with a savings scheme that is traditionally, though not inevitably, liquid. Indeed, the answer to successful integration of private assets with DC plans may not be more liquid private asset vehicles, but less liquid DC plan accounts.

Moreover, any such integration must also address equally fundamental challenges of ensuring that accountability mechanisms either under ERISA or otherwise can be meaningfully applied to an asset class that operates under a governance logic entirely distinct from that of publicly traded securities and the funds that hold them. Here too, the best solutions may well differ from what has been proposed so far. For instance, as I note, the very litigation that the DOL’s rule seeks to protect plan fiduciaries from has often pushed plans to adopt assets with higher returns. If PE inclusion will truly produce higher returns for plan participants, PE may well benefit from more fiduciary litigation, not less.

James An is a professor at Suffolk University Law School. This post is based on his recent article, “Private Equity in Retirement Savings,” available here.