Tag Archives: Jonathan S. Kolodner

Crossing a New Threshold for Material Cybersecurity Incident Reporting

by Helena K. Grannis, Rahul Mukhi, Jonathan S. Kolodner, Tom Bednar, Nina E. Bell, and James P. Abate

Photos of authors

Helena K. Grannis, Rahul Mukhi, Jonathan S. Kolodner, Tom Bednar, Nina E. Bell, and James P. Abate (photos courtesy of Cleary Gottlieb Steen & Hamilton LLP)

In July 2023, the U.S. Securities and Exchange Commission (SEC) adopted final rules to enhance and standardize disclosure requirements related to cybersecurity. In order to comply with the new reporting requirements of the rules, companies will need to make ongoing materiality determinations with respect to cybersecurity incidents and series of related incidents. The inherent nature of cybersecurity incidents, which are often initially characterized by a high degree of uncertainty around scope and impact, and an SEC that is laser- focused on cybersecurity from both a disclosure and enforcement perspective, combine to present registrants and their boards of directors with a novel set of challenges heading into 2024. Continue reading

U.S. District Court Tosses FIFA Bribery Convictions, Finding Honest Services Statute Does Not Reach Foreign Commercial Bribery

 by Victor L. Hou, Joon H. Kim, Jonathan S. Kolodner, Rahul Mukhi, Hannah Rogge, Lisa Vicens, David A. Last, Matthew C. Solomon, and Jennifer Kennedy Park.

Photos of the authors

Top left to right: Victor L. Hou, Joon H. Kim, Jonathan S. Kolodner, Rahul Mukhi, and Hannah Rogge.
Bottom left to right: Lisa Vicens, David A. Last, Matthew C. Solomon, and Jennifer Kennedy Park.
(Photos courtesy of Cleary Gottlieb Steen & Hamilton LLP).

On September 1, 2023, U.S. District Judge Pamela K. Chen of the Eastern District of New York granted a judgment of acquittal in the latest FIFA bribery prosecution, holding that the federal honest services statute, 18 U.S.C. § 1346, does not cover foreign commercial bribery in light of recent Supreme Court precedent.

The decision comes after a jury convicted two defendants of honest services wire fraud and money laundering arising from the U.S. Department of Justice (“DOJ”)’s multi-year pursuit of alleged corruption in FIFA and the international soccer media industry.  Judge Chen based her ruling on the Supreme Court’s recent decisions in Ciminelli v. United States and Percoco v. United States, which cabined the reach of honest services mail and wire fraud in domestic corruption prosecutions.  Applying the principles articulated by these two decisions—which were issued by the Supreme Court two months after the verdict in the latest FIFA trial—Judge Chen held that honest services did not cover the foreign commercial bribery that was the object of the charged conspiracy.  The DOJ may appeal, and U.S. prosecutors may still reach similar conduct under different federal statutes, like the Foreign Corrupt Practices Act (“FCPA”), the federal programs bribery statute, anti-money laundering laws, and the Travel Act, albeit with some limitations.  However, the decision continues a trend of U.S. courts rejecting an overly broad reading of federal fraud and corruption statutes. 

Continue reading

U.S. Attorney’s Offices Issue Nationwide Corporate Voluntary Self-Disclosure Policy

by Joon H. Kim, Lev L. Dassin, Jonathan S. Kolodner, Lisa Vicens, Andrés Felipe Sáenz, and Roberta Mayerle

From left to right: Joon H. Kim, Lev L. Dassin, Jonathan S. Kolodner, Lisa Vicens, Andrés Felipe Sáenz, and Roberta Mayerle (Photos courtesy of Cleary Gottlieb Steen & Hamilton)

On February 22, 2023, the Department of Justice announced a new corporate Voluntary Self-Disclosure Policy for U.S. Attorney’s Offices nationwide (the “USAO Policy”).[1]  The USAO Policy sets forth clearer and concrete benefits for companies that voluntarily and timely self-report misconduct as had been directed by the September 15, 2022 memorandum from the Deputy Attorney General for the Department of Justice (“DOJ”) (the “Monaco Memorandum”).[2]  The USAO Policy also follows the significant revisions to the DOJ Criminal Division’s Corporate Enforcement and Voluntary Self-Disclosure Policy recently announced on January 17, 2023 (the “Corporate Enforcement Policy”).[3] 

The USAO Policy applies to all U.S. Attorney’s Offices and is effective immediately.  As such, it standardizes what was previously a patchwork of different practices across U.S. Attorney’s Offices and fills a gap where no comprehensive voluntary self-disclosure policy previously existed. 

Continue reading

DOJ Charges Former Uber Executive for Alleged Role in Attempted Cover-Up of 2016 Data Breach

by Rahul Mukhi, Joon H. Kim, Jonathan S. Kolodner, and Michael J. Phelan

On August 20, 2020, the Department of Justice (“DOJ”) announced that it had charged Joseph Sullivan, the former Chief Security Officer (“CSO”) of Uber Technologies Inc. (“Uber”), with obstruction of justice and misprision of a felony for allegedly attempting to cover up Uber’s 2016 data incident during the course of an investigation by the Federal Trade Commission (“FTC”). While the DOJ and federal law enforcement have generally treated corporate hacking targets as victims in connection with data breaches, the charges against Sullivan reinforce that they will actively pursue any violations of federal law that are committed by entities or individuals during the course of responding to such incidents.

Continue reading

Accountability and Enforcement Under the CARES Act: What to Expect from the Act’s Oversight Provisions

by Joon H. Kim, Jonathan S. Kolodner, Elizabeth Vicens, and Natalie Noble

On Friday, March 27, 2020, the Coronavirus Aid, Relief, and Economic Security Act (PDF: 472 KB) (“CARES Act”) became law, marking the third phase of government aid to combat the COVID-19 pandemic. This $2 trillion stimulus package, the largest in American history, will be accessed by wide swaths of the economy, with similarly widespread potential for fraud. Consequently, the accountability and oversight provisions built into the CARES Act, especially of the $500 billion corporate relief fund, warrants attention. Taking its cue from—and seemingly modeled after—the 2008 Troubled Asset Relief Program (“TARP”), the CARES Act establishes a three-part oversight structure, including a Special Inspector General for Pandemic Recovery (“SIGPR”) with far-reaching authority to monitor the $500 billion fund. Based on the experience with TARP oversight and the enforcement actions taken by the Special Inspector General of TARP (“SIGTARP”) over the years, we can expect a high level of scrutiny by SIGPR and the other overseers, as well as potentially years of investigations into fraud and misuse of CARES Act funds resulting in substantial monetary penalties and criminal referrals. Continue reading

DOJ Updates FCPA Corporate Enforcement Policy

By Jonathan S. Kolodner, Lisa Vicens, and Lorena Michelen

In a recent speech at the annual ABA White Collar Crime Conference in New Orleans, Assistant Attorney General Brian Benczkowski of the Criminal Division of the Department of Justice (“DOJ”) announced certain changes to the FCPA Corporate Enforcement Policy (“the Enforcement Policy” or “Policy”) to address issues that the DOJ had identified since its implementation.[1]  These and other recent updates have since been codified in a revised Enforcement Policy in the Justice Manual.[2] 

The Enforcement Policy, first announced by the DOJ in November 2017, was initially applicable only to violations of the FCPA, but was subsequently extended to all white collar matters handled by the Criminal Division.[3]  The Policy was designed to encourage companies to voluntary self-disclose misconduct by providing more transparency as to the credit a company could receive for self-reporting and fully cooperating with the DOJ.  Among other things, the Enforcement Policy provides a presumption that the DOJ will decline to prosecute companies that meet the DOJ’s requirement of “voluntary self-disclosure,” “full cooperation,” and “timely and appropriate remediation,” absent “aggravating circumstances” – i.e. relating to the seriousness or frequency of the violation.  For more information on the Enforcement Policy, read our blog post explaining it

The most significant recent changes to the Enforcement Policy include eliminating the prohibition on a company’s usage of ephemeral instant messaging applications to receive full credit for “timely and appropriate remediation.”  Additionally, the modified Enforcement Policy (1) now makes clear that one requirement of cooperation, de-confliction of witness interviews, should not interfere with a company’s internal investigation; (2) confirms based on an earlier announcement, that the Policy applies in the context of a merger and acquisition (“M&A”), if an acquiring company discovers and self-discloses misconduct in a target; and (3) implements a change announced months before by the Deputy Attorney General that a company only needed to provide information about individuals “substantially involved” in the offense.  These changes are discussed in greater detail below. Continue reading