Title IX Challenge Delays $2.8B College Athlete NIL Settlement

Title IX Challenge Delays $2.8B College Athlete NIL Settlement

The recent settlement of In re College Athlete NIL Litigation (the Settlement) has been challenged on Title IX grounds. The Settlement mandated back payments of $2.8 billion to former Division I athletes who played college sports before Name, Image, and Likeness (NIL) compensation was allowed in 2021.

Why Are the NIL Settlement Payments Delayed?

A group of female athletes filed a Title IX challenge, arguing that the distribution of the $2.8 billion, 90% to men’s football and basketball players, 5% to women’s basketball players, and 5% to all other student athletes, violates Title IX’s gender equity requirements.

Which Parts of the Settlement Will Still Take Effect in 2025?

Key components of the settlement, including revenue sharing, a new NIL framework, and revised roster limits, are still scheduled to take effect on July 1, 2025. Only the $2.8 billion in back payments is paused.

What Is the NIL Clearinghouse and What Role Does Deloitte Play?

The NIL clearinghouse is a third-party administrator of the College Sports Commission tasked with reviewing NIL agreements for compliance with the new rules regarding NIL. It will review NIL agreements involving third parties affiliated with schools, such as boosters and collectives. Deloitte will operate the clearinghouse through its NIL Go platform, which will evaluate whether athlete compensation in certain deals meets or exceeds fair market value.

Which NIL Agreements Will the Clearinghouse Review?

The clearinghouse will review NIL agreements exceeding $600 that involve “associated entities,” such as school-affiliated boosters and collectives. Athletes must disclose all agreements over $600, but only those involving associated entities are subject to fair market value review.

How Are “Associated Entities” Determined?

Entities or individuals are considered associated if they were created to support a school’s athletics program, have donated more than $50,000 to the school or such entities, or have been directed by the school to assist in recruiting or retaining athletes.

What is a “Legitimate Business Purpose” for NIL Deals?

To pass review, agreements must serve a legitimate business purpose, such as promoting goods or services to the public. Deals lacking a clear business rationale will not pass the fair market value review.

Has the NCAA Provided NIL Guidance?

In December 2024, the NCAA issued internal Q&A memos to guide schools on evaluating NIL deals; however, this guidance has not been made publicly available.

How Will the Clearinghouse Evaluate Fair Market Value?

Deloitte is expected to utilize a database of past NIL deals and consider factors such as athlete performance, social media presence, and brand influence to determine whether the compensation under a given NIL agreement falls within the fair market value. The full methodology has not been publicly disclosed.

What Happens If an NIL Agreement Is Not Cleared?

If a deal is not cleared, athletes may renegotiate, decline the deal, or proceed at the risk of losing eligibility, as determined by the College Sports Commission. Athletes can also request neutral arbitration to resolve disputes.

The regulatory landscape of college athletics continues to evolve rapidly. Interested parties should contact Varnum’s NIL Practice Team to ensure compliance with NCAA, state, and institutional regulations.

Florida Passes Major Reforms for Community Associations

Florida Passes Major Reforms for Community Associations

Florida’s most recent legislative session introduced a series of changes impacting condominium and cooperative associations aimed at increasing transparency, accountability, and safety.

Stricter Licensing Rules for Community Association Managers

Community association managers (CAMs) are now required to maintain an active license with the Department of Business and Professional Regulation (DBPR), which includes keeping their information up to date regarding the associations and firms they represent.

If a CAM’s license is revoked, they are prohibited from owning or working for a management firm for a period of ten years. Associations must verify that their CAMs are appropriately licensed and in good standing, marking a notable shift in compliance duties at the board level.

Expanded Building Safety and Reserve Oversight

The legislation reinforces requirements for milestone inspections and structural integrity reserve studies (SIRS). Associations must complete their first SIRS by December 31, 2025, and include a funding plan to support long-term structural needs.

Boards may pause or redirect reserve contributions in specific emergencies or inspections, but only with membership approval and in accordance with new statutory procedures. Board members must also sign an affidavit acknowledging receipt of completed SIRS, reinforcing their fiduciary responsibility.

New Standards for Meetings and Records

Operational procedures have also been modernized. Boards may now meet by video conference, but must follow new rules regarding meeting notice, access, recording, and retention of materials. Video recordings must be preserved as official records for a minimum of 12 months.

Additional changes to accounting and insurance appraisal requirements aim to ensure associations are appropriately documented and insured. By October 1, 2025, associations must also maintain an online account with the DBPR containing essential building, governance, and financial information.

Reserve Funding and Investment Options

The threshold for capital repairs requiring funding has increased from $10,000 to $25,000, with future adjustments tied to inflation. For items identified through a SIRS, funding must follow a baseline plan that ensures long-term adequacy.

Funding can be obtained through assessments, loans, or lines of credit, subject to member approval. Boards now have greater flexibility to invest reserve funds in insured financial institutions with a membership vote, provided that investments are made with sound judgment.

These updates aim to give boards stronger financial tools and greater responsibility in safeguarding the association’s long-term stability.

For questions about how these changes may impact your community or to ensure your association is fully compliant, contact Varnum’s Condominium and Homeowners Association Practice Team.

2025 summer associate Nolan Thomas contributed to this advisory. Nolan is currently a law student at the University of Miami.

Does HIPAA Apply To My Business?

Does HIPAA Apply to My Business?

Varnum Viewpoints:

HIPAA applies outside of healthcare providers. If you offer employee health benefits, especially through a self-funded plan, HIPAA applies to your health plan.

You may be a covered entity or business associate. Health plans, providers, and vendors handling health data are subject to HIPAA, often to differing extents.

HIPAA has specific compliance duties. Requirements include privacy notices, policies, risk assessments, and business associate agreements.

The Health Insurance Portability and Accountability Act (HIPAA) applies far more often than many realize, including when a company outside of the healthcare sector provides certain types of health benefits to its own employees. While HIPAA compliance quickly gets complex, determining if it applies to your business does not need to be. This advisory includes helpful definitions of key terms, including Protected Health Information (PHI), the Privacy Rule, and the Security Rule.

What Is a HIPAA Covered Entity?

HIPAA applies only to covered entities, including health care providers and health plans, and their business associates. Many covered entities already know they are subject to HIPAA. This includes those in the healthcare sector, such as doctors, hospitals, pharmacies, and insurance companies, for whom HIPAA compliance should be an integral part of daily business.

Does My Employee Health Plan Make My Company a Covered Entity?

Employer-sponsored health plans are also covered entities. The design of that health plan will impact how HIPAA applies, but the Privacy Rule and the Security Rule make it clear: if employees receive health benefits, HIPAA will apply to the health plan, even if it does not apply to the company in its role as an employer generally. If an employer maintains a fully-insured plan and the insurer is handling most or all of the administration of the coverage, the employer may not receive much PHI, if any. However, as more plans move toward self-funding and self-administration, HIPAA will apply to more functions carried out by the employer.

Who Is a HIPAA Business Associate?

A business associate is any entity that creates, receives, or transmits PHI in relation to a covered entity. Business associates are subject to the same HIPAA compliance rules as covered entities, and the same penalties apply for violation of these rules. In addition, covered entities and their business associates must enter into “business associate agreements” which explicitly require the business associate to comply with HIPAA and may set forth other terms such as notification and indemnification provisions.

As with covered entities in the healthcare sector, most business associates will know that their work is subjecting their business to HIPAA. However, any business that provides products and services that are or could be used to provide healthcare should carefully assess whether and to what extent HIPAA applies to their business. For example, SAAS providers and app developers may have access to PHI, making them a business associate that must comply with HIPAA. Some covered entities will push their vendors to enter into business associate agreements, even if it does not directly apply.

What Is PHI?

Protected health information is any individually identifiable health information that is created, received, stored, or transmitted by a covered entity, an entity subject to HIPAA, such as a health care provider, insurance company, or employer health plan, or their business associates, those entities who access PHI on behalf of the covered entity.

What Is the HIPAA Privacy Rule?

The Privacy Rule is the part of HIPAA that protects PHI through limiting who can access it, how it is used, and providing individuals with rights relating to their PHI.

What Is the HIPAA Security Rule?

The Security Rule is the part of HIPAA that covers how electronic creation, storage, use, and disclosure of PHI must be done to ensure the privacy of PHI.

What Are My HIPAA Compliance Requirements?

When HIPAA applies, the entity is expected to comply with HIPAA’s broad range of requirements. Key compliance requirements include providing a notice of privacy practices, naming a compliance officer responsible for complying with HIPAA, establishing policies and procedures, conducting a risk assessment, and entering into necessary agreements, such as business associate agreements. See our detailed explanation, HIPAA and Employee Benefits: The Basics of Compliance.

If you have questions or concerns, contact a member of our Privacy or Employee Benefits Practice Teams.

DOJ Expands Whistleblower Policy Under Trump Administration

DOJ Expands Whistleblower Policy Under Trump Administration

Varnum Viewpoints:

Whistleblower Scope Expanded: The DOJ now rewards tips on more violations, including immigration and trade, with payouts up to 30% of recoveries.

Individual Focus: The DOJ prioritizes prosecuting individuals, encouraging companies to self-disclose misconduct for leniency.

Enforcement Surge Likely: New whistleblower incentives and the DOJ priorities signal increased investigations, especially in federal programs.

On May 12, 2025, Matthew Galeotti, head of the Department of Justice Criminal Division, issued a memorandum titled “Focus, Fairness, and Efficiency in the Fight against White-Collar Crime,” laying out the Department’s enforcement priorities as they align with the Administration’s agenda. The new enforcement plan reflects longstanding DOJ priorities (including healthcare fraud, market manipulation, and incentivization of voluntary self-disclosure of misconduct) while emphasizing a renewed effort to pursue individual offenders rather than cooperative corporations. 

The broader enforcement plan revisions include changes to the Corporate Whistleblower Awards Pilot Program (CWAPP). Established under the Biden Administration in August 2024, the CWAPP encourages individuals with knowledge of specific categories of white collar crime to come forward in exchange for financial compensation, provided the information enables the DOJ to recover more than $1 million in civil or criminal forfeiture. The potential awards for whistleblowers are substantial: up to 30 percent of the first $100 million of net proceeds forfeited, and up to 5 percent of net proceeds between $100 million and $500 million.

The eligible categories include violations by financial institutions; violations related to foreign corruption and bribery, including violations of the Foreign Corrupt Practices Act; violations by or through companies relating to payment of bribes or kickbacks to domestic public officials; and certain federal health care offenses and frauds related to the health care industry. Whistleblowers are not eligible for an award “if they would be eligible for award through another U.S. government program or statutory whistleblower, qui tam, or similar program if they had reported the same scheme[.]”

The DOJ has expanded the CWAPP program to cover violations committed by or through companies that reflect the Trump administration’s broader policy priorities, including:

  • Fraud against the United States in connection with federally funded contracting or programs,
  • Trade, tariff, and customs fraud,
  • Federal immigration law,
  • Sanction offenses,
  • Material support of terrorism,
  • Crimes involving cartels and transnational criminal organizations, including money laundering, narcotics, and Controlled Substances Act violations.

Updates to Health Care Fraud Coverage in CWAPP

For health care fraud offenses, the revised policy specifically includes federal health care offenses and removes language restricting covered violations to those involving non-public health care programs. On the other hand, it explicitly excludes health care fraud and illegal health care kickbacks from the new provision covering fraud or deception against the United States in connection with federally funded contracts or federal programs. Although these two revisions seem in tension, they likely are intended to maintain consistency with language denying eligibility to whistleblowers who would be eligible for an award through another U.S. whistleblower or qui tam program, such as the False Claims Act (FCA), if they had reported the same scheme. Although the language has changed, there seems to be very little daylight between the prior and revised program when it comes to most fraud violations in the health care industry.

Implications for Companies and Enforcement Trends

The revised program’s inclusion of violations of federal immigration law, procurement and federal program fraud, trade, tariff and customs fraud and violations involving sanctions, material support of terrorism or those facilitating cartels and Transnational Criminal Organizations all carry broad implications that companies should be planning for in the immediate future. With employees financially incentivized to report misconduct in these areas, companies may see an uptick in the reporting of misconduct and enforcement by the DOJ.

Moreover, Attorney General Bondi issued a memo on February 5, 2025, designating immigration enforcement a top prosecution priority. In the context of the revised CWAPP, this could carry significant ramifications for employers across the board. Under the new policy, a whistleblower can now file a tip with the DOJ regarding immigration violations in exchange for a significant reward if the DOJ can successfully prosecute and forfeit substantial assets based on the information. Further, the increase in reporting combined with Attorney General Bondi’s expressed commitment to defending the constitutionality of the False Claims Act, and DOJ leadership signaling an interest in aggressively utilizing the FCA, the next three and a half years are likely to see increased investigation and civil enforcement actions, particularly in connection with federal benefits, contracting programs, and international trade.

It is reasonable to anticipate that the new CWAPP policy will lead to increased reporting, investigation, and civil and criminal enforcement actions against both individuals and companies. In another speech on June 10, 2025, Galeotti reported that the DOJ has continued to see “robust tips from whistleblowers,” including tips in each of the new categories. But companies that self-report and cooperate in investigations might still be able to receive declinations of prosecution via the Criminal Division’s revised Corporate Enforcement and Voluntary Self-Disclosure Policy, even where a whistleblower reported the conduct before the company self-disclosed.

If you have any questions about the revised CWAPP, the DOJ’s new white collar and corporate enforcement policies, or other federal action, contact a member of Varnum’s White Collar Defense and Government Investigations practice team.  

2025 summer associate Mehraan Keval contributed to this advisory. Mehraan is currently a student at Georgetown University Law Center.

 

DOJ Updates Corporate Enforcement Policy to Incentivize Self-Disclosure

DOJ Expands Whistleblower Policy Under Trump Administration

Varnum Viewpoints:

More Certainty for Companies: The DOJ now offers a clearer path to declination for companies that self-disclose, cooperate, and remediate.

Expanded Benefits Even with Aggravating Factors: Companies with aggravating factors may still, qualify for declination or “near miss” treatment.

Whistleblower Risk Heightened: With expanded DOJ whistleblower programs, timely self-reporting is more critical than ever.

The head of the United States Department of Justice Criminal Division, Matthew R. Galeotti, announced on May 12, 2025, that the division is “turning a new page” on white collar crime enforcement. Among other changes, the Criminal Division has revised its corporate enforcement policy to increase incentives for companies to self-disclose misconduct, offering a “clear path” to avoid prosecution.

Speaking at the Securities Industry and Financial Markets Association’s (SIFMA) Anti-Money Laundering and Financial Crimes Conference, Galeotti explained the division will focus on the most egregious and urgent prosecutions, allowing the DOJ to avoid burdensome and drawn-out corporate enforcement investigations. For American companies, voluntary self-disclosure (VSD) is now more definitively advantageous than it was under the previous policy.

What is New About the Revised Corporate Enforcement Policy?

The revised Criminal Division Corporate Enforcement and Voluntary Self-Disclosure Policy (CEP) states the division will decline to prosecute a corporation for criminal conduct when the company makes a proper VSD, fully cooperates with the investigation, timely and appropriately remediates, and does not have aggravating circumstances. The CEP “encourages voluntary self-disclosure of potential wrongdoing at the earliest possible time, even when a company has not yet completed an internal investigation[.]”

Under the previous CEP, these criteria led only to a presumption of declination, leaving companies to consider the possibility that early VSD could do them more harm than good. The goal of the revised policy is to provide more certainty for companies.  

Companies that do not meet the criteria for declination can still benefit from the revised policy. For example, the CEP provides prosecutors discretion to recommend declination, even if there are aggravating circumstances, after weighing the severity of those circumstances against the company’s cooperation and remediation. The Criminal Division will make all declinations under the CEP public, likely to remove the company from the cloud of investigation and in service of general transparency.

In addition, if a company timely and appropriately remediates and self-reports in good faith but does not meet the VSD requirements or has aggravating circumstances that warrant a criminal prosecution, the company will receive “near miss” treatment. “Near miss” treatment yields a non-prosecution agreement (NPA) with a term of three or fewer years, no monitor requirement, and a 75 percent reduction of an already lower fine. The previous policy allowed prosecutors to recommend a fine reduction between 50 and 75 percent off the low-end of the guidelines range.

Companies who are not a “near miss” can still benefit from remediating and cooperating under the revised policy. A company who appropriately remediates and cooperates will receive a presumption of a fine on the low end of the United States Sentencing Guidelines range. The company will not be eligible for more than a 50 percent fine reduction, but prosecutors retain discretion to determine the appropriate form of resolution (e.g., a non-prosecution agreement, deferred prosecution agreement, or guilty plea).

The Criminal Division published a flowchart and definitions to provide guidance on what companies can expect in various circumstances.

Key Considerations for Corporate Compliance and Enforcement

The takeaway for companies is that self-reporting, cooperation, and remediation should provide significantly greater and more predictable (though not certain) benefits than they have previously. The DOJ appears willing to work with companies who come forward in good faith, even if they do not meet all VSD requirements.

The CEP does not specifically define aggravating circumstances. However, it suggests the division will consider the nature and seriousness of the offense, the egregiousness or pervasiveness of the misconduct within the company, the severity of harm caused by the misconduct, and whether the company has been subject to criminal adjudication or resolution for similar conduct within the preceding five years. Companies could benefit from robust internal compliance programs, as prompt discovery and remediation of misconduct and good-faith disclosure to the DOJ appear to be increasingly valuable. In another speech on June 10, Galeotti emphasized that, although it retains discretion to decide declination is not appropriate in certain cases, the Criminal Division is not playing “a game of ‘gotcha’.” Galeotti assured his audience that he is reviewing all corporate resolutions to ensure that a non-declination resolution is warranted by circumstances that are “truly aggravating and sufficient to outweigh the fact that the company voluntarily came forward.”

Galeotti’s remarks and his memorandum reflect a continued focus on prosecuting individual actors, most prominently spelled out by Deputy Attorney General Sally Yates in 2015. Galeotti told SIFMA that the DOJ is “here to prosecute criminals, not law-abiding companies,” and urged companies to use their compliance programs as “the first line of defense” against criminal conduct, incentivizing them to help the DOJ identify and prosecute culpable individuals. In discussing the DOJ’s new guidelines on enforcement of the Foreign Corrupt Practices Act, Galeotti observed in his June 10 remarks that they reflect “common sense principles, such as focusing on specific misconduct of individuals, rather than collective knowledge theories.”

Galeotti’s May 12 speech highlighted the benefits of early cooperation, but his June 10 remarks pointed to the “important corollary”: the Criminal Divisions will “swiftly” and “aggressively” prosecute individuals and companies who do not come forward “and all the benefits of our policies will not be available to these offenders.” Galeotti reported that the DOJ has seen new voluntary self-disclosures since the revised CEP policy was issued.

Companies should also be aware that the Criminal Division piloted a VSD program for individuals in April 2024 and has expanded its whistleblower award program, incentivizing individuals to help the DOJ discover corporate misconduct. Under the CEP’s definition of voluntary self-disclosure, a company can still qualify for a presumption (notably, not a certainty) of declination if a whistleblower makes both an internal report to the company and the DOJ and the company self-reports within 120 days of receiving the internal report. The interplay between the revised CEP and the pilot VSD and whistleblower award programs will likely increase the number of disclosures from both individuals and companies, as everyone involved will be aware of the incentives on both sides. This may make disclosure even more attractive to companies, who should consider getting to the DOJ’s door before a whistleblower does.

However, companies and counsel should keep in mind that these policies govern the DOJ Criminal Division only. They do not bind the 93 U.S. Attorneys’ Offices, the other litigating components at DOJ (such as the Civil, Antitrust, Environment and Natural Resources, and National Security Divisions), other federal agencies (such as the Securities and Exchange Commission), or state and local authorities. These policies might have persuasive weight in how U.S. Attorneys, other DOJ components, and other agencies approach white collar and corporate enforcement, but it is important to consider any multi-jurisdictional aspects at play.

For help navigating the DOJ’s revised corporate enforcement policy or new white collar crime policy, contact a member of Varnum’s White Collar Defense and Government Investigations practice team.

2025 summer associate Julia Sommerfeld contributed to this advisory. Julia is currently a student in the Moritz College of Law at Ohio State University.

DOJ Announces New White Collar Crime Policy

DOJ Announces New White Collar Crime Policy

Varnum Viewpoints:

Focus on Individuals: The DOJ will prioritize prosecuting individual offenders over corporations in most white collar cases.

Incentives for Corporate Cooperation: Companies that self-report and cooperate may avoid prosecution under the revised enforcement policy, which emphasizes shorter resolution periods.

Streamlined Investigations: The DOJ aims to reduce the length, cost, and burden of white collar investigations and monitoring, addressing business concerns.

Following months of uncertainty and speculation regarding the future and scope of white collar enforcement under Attorney General Pam Bondi, the United States Department of Justice Criminal Division has publicized its new policy on white collar crime.

In a memorandum dated May 12, 2025, and in a speech the same day, Criminal Division head Matthew R. Galeotti, unveiled three “core tenets” that will guide the division’s approach to white collar investigations and prosecution: focus, fairness, and efficiency. Galeotti followed up on these announcements in another speech delivered on June 10, 2025.

These core tenets are accompanied by a renewed focus on the prosecution of individuals committing crimes affecting federal benefits programs, the U.S. economy and markets, and national security, with a diminished emphasis on holding companies responsible for the actions of individual directors, officers, and employees.   

Focus

Galeotti identified four broad areas of focus for the Criminal Division:

  • Waste, fraud, and abuse in government programs
  • Complex frauds that victimize United States investors and weaken the integrity of markets
  • Crimes that exploit U.S. monetary systems
  • Threats to the United States economy, competitiveness, and national security

Within these areas, Galeotti specified “high impact” offenses that the Criminal Division will prioritize, such as healthcare, program and procurement, investment, and elder fraud, and “fraud that threatens the health and safety of consumers;” bribery and money laundering (particularly that impact United States interests, threaten national security, or facilitate the activities of cartels, transnational criminal organizations, or foreign terrorist organizations); customs, trade, tariff, and sanctions violations; crimes involving foreign adversary companies listed on United States exchanges; and crimes involving digital assets that victimize investors and consumers or that facilitate other criminal conduct.

Fairness

The May 12 announcements continue the DOJ’s trend of prioritizing the prosecution of individuals over corporations. Amplifying Deputy Attorney General Sally Yates’s message in 2015, Galeotti stated, “The Department’s first priority is to prosecute individual criminals” involved in corporate crime because “[i]t is individuals—whether executives, officers, or employees of companies—who commit these crimes, often at the expense of shareholders, workers, and American investors and consumers.”

Moreover, the May 12 memorandum observes that “not all corporate misconduct warrants federal prosecution,” so “civil and administrative remedies directed at corporations, are often appropriate to address low-level corporate misconduct[.]” This emphasis on prosecuting individuals continued in Galeotti’s June 10 remarks, when he observed that recently published guidelines for DOJ investigations and enforcement of the Foreign Corrupt Practices Act reflected “common sense principles, such as focusing on specific misconduct of individuals, rather than collective knowledge theories.”

Accompanying this focus on individual liability is a revised Corporate Enforcement Policy that provides a “clear pathway” to criminal declination for proactive, cooperative companies. If declination is not appropriate, corporate resolutions should last no longer than three years except in “exceedingly rare cases.” The Criminal Division also plans to review existing agreements for early termination and will consider the duration of the post-resolution period, a substantial reduction in the company’s risk profile, the extent of remediation, the maturity of the corporate compliance program, and whether the company self-reported the misconduct. Going forward, prosecutors must regularly assess resolution agreements to determine whether early termination is appropriate.

Efficiency

Recognizing that white collar investigation and prosecution are important, but can be costly and intrusive to businesses, the division announced new instructions for the conduct of corporate investigations. First, prosecutors must take all reasonable measures to minimize the length and collateral impact of investigations and make charging decisions as swiftly as possible. Galeotti’s office will track investigations to ensure they do not linger, and he reiterated in his June 10 remarks that the Criminal Division will move investigations “expeditiously” and “do its part to charge or decline quickly.” Second, as discussed more fully in a separate memorandum, the Criminal Division will limit the use and scope of monitors, with a new emphasis on narrowly tailored mandates and minimizing expense, burden, and interference with the business.

Analysis

Galeotti’s recent speeches and May 12 memorandum suggest the reports of the death of federal white collar criminal enforcement might have been exaggerated. The new policies reflect this administration’s keen interest in using “white collar” tools to pursue drug cartels, transnational criminal organizations, foreign terrorists, and foreign trade-related offenses, but many of the areas of focus in white collar prosecution are not new. In his June 10 speech, Galeotti emphasized that the DOJ remains committed to “an aggressive and robust strategy to investigate and prosecute white-collar and corporate crime.”

Considering ongoing attrition at the DOJ and high-profile dismissals and clemency in corporate, fraud, crypto, and public corruption cases, how the DOJ will deploy resources toward traditional white collar crime is an open question. For example, the Criminal Division plans to devote resources to prosecuting “trade and customs fraudsters” who circumvent the “rules and regulations that protect American consumers.” Yet this initiative seems at odds with Executive Order 14294 issued on May 9, 2025, which states the policy of the United States is to disfavor criminal enforcement of federal regulations.

Galeotti’s disdain for “lengthy and sprawling investigations” in his June 10 remarks, and emphasis on efficiency and sensitivity to the costs of investigations suggest that targets of investigations might have a receptive audience with DOJ supervisors if investigations linger or spiral in scope. But the decision whether and when to appeal to supervisors must be carefully considered. Galeotti urged targets and their counsel to exhaust discussions with line prosecutors to narrow disputed issues and advised them to be “conscientious about what, when, and how you appeal the decisions of Trial Attorneys and AUSAs.” Galeotti specifically warned that prematurely seeking relief, “mischaracterizing prosecutorial conduct, or otherwise failing to be an honest broker” will be “counter-productive to your appeals” and might undermine otherwise meritorious arguments.

The new white collar policy should be considered in context with the revised corporate enforcement policy, the whistleblower program, and the Pilot Program on Voluntary Self-Disclosures (VSD) for Individuals that rolled out in April 2024, which rewards certain eligible insiders with non-prosecution agreements in exchange for self-disclosure. It remains to be seen how the Criminal Division’s emphasis on individual responsibility will affect its implementation of its whistleblower and individual VSD programs.

Individuals, organizations, and counsel should keep in mind that these policies govern the DOJ Criminal Division only. They do not bind the 93 U.S. Attorneys’ Offices, the other litigating components at the DOJ (such as the Civil, Antitrust, Environment and Natural Resources, and National Security Divisions), other federal agencies (such as the Securities and Exchange Commission), or state and local authorities. These policies might have significant persuasive weight in how U.S. Attorneys, other DOJ components, and other agencies approach white collar and corporate enforcement, but it is important to consider any multi-jurisdictional aspects at play.

For help navigating the DOJ’s new white collar crime enforcement policy or revised corporate enforcement policy, contact a member of Varnum’s White Collar Defense and Government Investigations practice team.

2025 summer associate Rachel Dodds contributed to this advisory. Rachel is currently a student at Wayne State University Law School.

NCAA NIL Settlement Reshapes College Athletics and Athlete Payments

NCAA NIL Settlement Brings Major Shifts to College Athletics

The NCAA and Power Four conferences entered into a final settlement agreement (the Settlement) on June 6, 2025, resolving several pending lawsuits brought by college athletes over the use of their name, image, and likeness (NIL). These cases were combined into one called In re College Athlete NIL Litigation. The Settlement significantly changes the landscape of NIL rights and college athletics overall.

The Settlement includes several key provisions, including payments to current and former Division I athletes, revenue sharing, roster limits, and a new enforcement entity responsible for ensuring schools and athletes comply with NIL rules.

Back Payments to Former Athletes

The Settlement includes payment of $2.8 billion in damages to be paid over 10 years to certain former Division I athletes who played collegiate sports before NIL compensation was allowed in 2021. These payments are intended to compensate student athletes for revenue they could have earned if the previous prohibition on NIL and revenue sharing was not in place.

Direct Payments and Revenue Sharing

Under the new framework, student athletes can be paid directly by their schools using funds from a compensation pool. This pool is based on 22% of the average annual revenue of all participating institutions, estimated at $20.5 million in 2025. The pool will increase by 4% each year. Each school will use its portion of the pool to pay athletes across all sports and decide how to distribute the funds.

Elimination of Scholarship Caps

The Settlement removes limits on how many scholarships schools can grant per sport, allowing them to offer an unlimited number. However, any scholarship exceeding the old NCAA limits will count against a school’s compensation pool at the full cost of attendance. Scholarships offered within the previous NCAA limits will not reduce the school’s pool.

Introduction of Roster Limits

While the Settlement removes scholarship limits, it also imposes roster limits. The new roster limits allow schools to offer full or partial scholarships to all athletes on a team, rather than being limited to a fixed number of scholarships per sport. The issue of roster limits and its harm to current student athletes resulted in a delay of the final settlement approval. A provision was included to protect current athletes who may have lost roster spots due to the Settlement, allowing them to use the rest of their eligibility without penalty.

New Oversight and Reporting Platform

The Settlement requires the NCAA and Power Four conferences to establish an enforcement entity. This led to the creation of the College Sports Commission, which will be responsible for enforcing rules on roster limits, revenue sharing, and third-party NIL deals. The specific enforcement procedures will likely continue to evolve following the Settlement.

The College Sports Commission is expected to work with Deloitte to manage a new platform called NIL Go, which handles reporting and vetting third-party NIL deals. This platform will serve as a clearinghouse to vet any NIL agreements over $600 involving entities like boosters and collectives.

The Settlement introduces significant changes to college athletics and NIL, but it does not settle all outstanding issues. Whether student athletes should be considered employees by their schools and whether student athletes have the right to collectively bargain still needs to be decided.  

The regulatory landscape of college athletics continues to evolve rapidly. Interested parties should contact Varnum’s NIL Practice Team to ensure they are in compliance with NCAA, state, and institutional regulations.

What Founders Should Know About Credit Union Investments

Fintech’s Untapped Market: Credit Unions and CUSO Investment

If you’re building a Fintech, Insurtech, or similar service tech startup, credit unions may not be the first market you think of, but they should be. Beyond being valuable customers, they can also be an important source of investment capital.

Credit unions are not-for-profit financial institutions that are owned and operated by their members. Unlike traditional banks, they focus on returning value to members through lower loan rates, higher savings yields, reduced fees, and paying member dividends. Membership is usually limited to certain communities, like employees of a specific company, members of a labor union, or residents of a particular area (which credit unions call “field of membership”).

What Is a Credit Union Service Organization (CUSO)?

A CUSO is a business entity owned by one or more federally insured credit unions. It is designed to provide services that reduce operating costs, improve efficiency, or deliver innovative products to credit union members. CUSOs allow credit unions to collaborate and expand their offerings, especially in fast-evolving sectors like Fintech and Insurtech.

Can Credit Unions Invest in Startups?

Yes. According to the National Credit Union Administration (NCUA), which regulates credit unions, in 2021 there were over 1,000 active CUSOs that attracted more than $4 billion in investments and over $1 billion in loans. Those numbers highlight how engaged credit unions are in supporting innovation.

Why Are Credit Unions a Unique Market Opportunity for Service Tech Startups?

What makes this particularly attractive for Service Tech startup companies is that a credit union can be both a customer and an investor. When a product aligns with their mission to serve members, they may not just adopt it, they may help fund it.

What Are the Regulatory Requirements for Receiving Credit Union Investment?

There are some important federal regulatory requirements to keep in mind. The NCUA stipulates that, to receive investments from credit unions, the majority of your startup’s revenue must come from credit union clients. They also maintain a list of approved products and services that CUSOs can offer, focused on those that directly benefit credit union members. These include, but are not limited to, financial planning, investment, insurance, and mortgage offerings.

State chartered credit unions (as opposed to federally chartered credit unions) typically have their own state regulatory schemes they must follow. State requirements generally have similarities to federal ones, but present additional requirements state regulators find important in assuring a credit union’s overall financial health.

Is a CUSO the Right Fit for Your Startup?

Many startups choose to form a dedicated CUSO subsidiary. This structure helps meet the revenue and service requirements, operate within the regulatory framework, and build a focused channel for both revenue and capital from the credit union ecosystem.

To explore whether a CUSO structure is appropriate for your business model or to better understand the regulatory considerations involved, contact a member of Varnum’s Startup Practice Team.