Category Archives: PCCE Directors’ Academy

Two New Keynote Speakers Added to PCCE’s 4th Annual Directors’ Academy

Photos of Keynote Speakers

Matthew Olsen and Ismail Ramsey

We are honored to announce that Matthew Olsen, the Assistant Attorney General for the National Security Division at the U.S. Department of Justice, and Ismail Ramsey, the U.S. Attorney for the Northern District of California, will be additional keynote speakers at our 4th Annual Directors’ Academy at NYU School of Law on October 31st and November 1st, 2024. The agenda and registration portal are available here

Olsen, who leads the DOJ’s mission to combat terrorism, espionage, cyber crime, and other threats to the national security, and Ramsey, who, as U.S. Attorney for Northern California, is colloquially known as the “Sheriff of Silicon Valley,” overseeing investigations and cases concerning the leading technology companies in the world, will participate in a keynote and fireside chat titled New and Persistent Cyber Threats Overlooked by Boards and Management: Lessons for Boards. The session, which will take place on October 31st, will focus on providing board directors and senior management with the information they need to identify and manage the most critical cyber and national security-related threats to their firms, include the theft of intellectual property. It will be followed immediately by an expert panel to discuss board governance and oversight of cybersecurity. Both sessions will be moderated by Joseph Facciponti, PCCE’s Executive Director and former cybercrime prosecutor at the U.S. Attorney’s Office for the Southern District of New York.

Continue reading

Registration Open for PCCE’s 4th Annual Directors’ Academy

NYU Campus

We are pleased to announce that registration is open for our 4th Annual Directors’ Academy at NYU School of Law on October 31st and November 1st, 2024. The agenda and registration portal are available here. The program is for directors who currently serve on public and for-profit private company boards, as well as C-Suite legal, risk, ethics, audit, and compliance professionals.[1] 

Continue reading

Crossing a New Threshold for Material Cybersecurity Incident Reporting

by Helena K. Grannis, Rahul Mukhi, Jonathan S. Kolodner, Tom Bednar, Nina E. Bell, and James P. Abate

Photos of authors

Helena K. Grannis, Rahul Mukhi, Jonathan S. Kolodner, Tom Bednar, Nina E. Bell, and James P. Abate (photos courtesy of Cleary Gottlieb Steen & Hamilton LLP)

In July 2023, the U.S. Securities and Exchange Commission (SEC) adopted final rules to enhance and standardize disclosure requirements related to cybersecurity. In order to comply with the new reporting requirements of the rules, companies will need to make ongoing materiality determinations with respect to cybersecurity incidents and series of related incidents. The inherent nature of cybersecurity incidents, which are often initially characterized by a high degree of uncertainty around scope and impact, and an SEC that is laser- focused on cybersecurity from both a disclosure and enforcement perspective, combine to present registrants and their boards of directors with a novel set of challenges heading into 2024. Continue reading

Looking Back at Fall 2023 PCCE Events: 3rd Annual Directors’ Academy

As we begin to prepare for a full schedule of events in 2024, starting with an event on Voluntary Self-Disclosure Policy for Export Controls Violations on January 16, 2024, the NYU School of Law Program on Corporate Compliance and Enforcement (PCCE) is taking a moment to reflect on our busy Fall 2023 program. In this post: our third annual PCCE Directors’ Academy on September 21-22, 2023.

Photo of speaker

Keynote speaker Heather Lavallee, CEO, Voya Financial, Inc. (©Hollenshead: Courtesy of NYU Photo Bureau)

Continue reading

Economic Sanctions: Developments and Considerations for Board Members

by Chase D. Kaniecki and Samuel H. Chang

U.S. sanctions policy in the first year of the Biden administration saw both change and continuity. As expected, the administration sought to cooperate with allies to impose multilateral (rather than unilateral) sanctions, focused on human rights abuses and opened the door for a new nuclear deal with Iran. At the same time, the administration continued to focus on virtual currencies and on combating illicit cyber activities relating to ransomware, and clarified (and in some respects expanded) sanctions issued under the Trump administration targeting Chinese companies deemed to be part of the Chinese military-industrial complex.[1]

In 2022, boards of directors should be aware of continued regulatory focus on virtual currencies and ransomware, potential divergences and conflicts across new global sanctions regimes and potential sanctions developments relating to Russia, Iran and China.

Continue reading

Returning to the Future of Work: Considerations for the Virtual Board Room in the ‘Post’-Pandemic Era

by Jeffrey D. Karpf and Fernando A. Martinez

Almost two years into the COVID-19 pandemic, it is clear that the corporate workplace has changed for good. As the world continues to reopen and companies return to the office, what we are returning to is not business as usual, but a new future of work – a future characterized by a shift from the traditional workplace to remote and hybrid models that provide opportunities to work in effective and efficient ways from anywhere. Companies are faced with challenges as they return to the office and are finding they need to adapt to remain competitive, attract talent and stay prepared for future crises. Boards of directors of public companies should play an important role in defining what this future looks like and ensuring companies are set up for success.

Continue reading

Spotlight on Boards

by Martin Lipton, Steven Rosenblum, Karessa Cain, and Hannah Clark 

The ever-evolving challenges facing corporate boards prompt periodic updates to a snapshot of what is expected from the board of directors of a public company—not just the legal rules, or the principles published by institutional investors and various corporate and investor associations, but also the aspirational “best practices” that have come to have equivalent influence on board and company behavior. The ongoing coronavirus pandemic and resulting economic and social turbulence, combined with the wide embrace of ESG, stakeholder governance and sustainable long-term investment strategies, are propelling a decisive inflection point in the responsibilities of boards of directors. The 2016 and 2020 statements of corporate purpose by the World Economic Forum and the 2019 embrace of stakeholder capitalism by the Business Roundtable, together with current statements of policy by most of the leading corporations, institutional investors, asset managers and their organizations, as well as governments and regulators in and outside the United States, lead us to summarize the purpose of the corporation:

Continue reading

SEC Approves Nasdaq Board Diversity Listing Standards

by Brian V. Breheny, Raquel Fox, Marc S. Gerber, Andrew J. Brady, Caroline S. Kim, Ryan J. Adams, Andrew T. Bond, Leo W. Chomiak, Jeongu Gim, Blake M. Grady, and Khadija Lalani

On August 6, 2021, the Securities and Exchange Commission (SEC) approved[1] the Nasdaq Stock Market’s (Nasdaq) proposal to amend its listing standards to encourage greater board diversity and to require board diversity disclosures for Nasdaq-listed companies. Subject to transition periods and limited exceptions, Nasdaq-listed companies will be required to (i) publicly disclose board-level diversity statistics on an annual basis using a standardized matrix template under Nasdaq Rule 5606 and (ii) have, or disclose why they do not have, a minimum of two diverse board members under Nasdaq Rule 5605(f).[2]  The mandatory “board diversity matrix” disclosure and the “comply or explain” board diversity framework are described in greater detail below. This post reflects updates from Nasdaq guidance issued August 13, 2021.

Continue reading

Cybersecurity Oversight and Defense – A Board and Management Imperative

by John F. Savarese, Sarah K. Eddy, Sabastian V. Niles, and Jeohn Salone Favors 

This past weekend, criminal ransomware cyberattacks drove the shutdown of one of America’s largest pipelines for refined gasoline, diesel fuel, and jet fuel as a precautionary means of containing the impact of the breach, highlighting the vulnerability of the nation’s energy infrastructure. Recent reports indicate that more than two dozen other company victims across a range of industries were targeted by these ransomware attacks, with worse damage blocked thanks to close and rapid coordination between federal authorities and private sector partners to identify and swiftly shut down servers being used in the attack. Earlier this month, a California- based regional hospital operator had to take healthcare IT systems offline following a cyberattack, significantly disrupting care, forcing medical personnel to use back-up paper records and raising concerns about vulnerabilities in the healthcare system as the nation continues to battle the Covid-19 pandemic.

Continue reading

Effective Access Controls, Timely Breach Notification, and Other Takeaways from the Latest NYDFS Cyber Resolution

by Luke Dembosky, Jeremy Feigelson, Avi Gesser, Jim Pastore, Johanna Skrzypczyk, Christopher S. Ford, Parker Eudy, and Mengyi Xu

On April 14, 2021, the New York State Department of Financial Services (the “DFS”)  announced that its cyber-enforcement action against National Securities Corporation (“National Securities”) has been resolved by a Consent Order (PDF: 550 KB) that imposes a $3 million penalty. This is the latest step in the DFS’s very active cyber-enforcement agenda. The charges against First American Title Insurance Company are pending with an August 16 hearing date, and last month, the DFS reached its first full cybersecurity resolution with Residential Mortgage Services.

Continue reading