Photo of Jonathan S. Kolodner

Jonathan S. Kolodner’s practice focuses on criminal, securities, and other enforcement and regulatory matters as well as on complex commercial litigation.

The following post was originally included as part of our recently published memorandum “Selected Issues for Boards of Directors in 2024”.

In July 2023, the U.S. Securities and Exchange Commission (SEC) adopted final rules to enhance and standardize disclosure requirements related to cybersecurity.  In order to comply with the new reporting requirements of the rules, companies will need to make ongoing materiality determinations with respect to cybersecurity incidents and series of related incidents.  The inherent nature of cybersecurity incidents, which are often initially characterized by a high degree of uncertainty around scope and impact, and an SEC that is laser-focused on cybersecurity from both a disclosure and enforcement perspective, combine to present registrants and their boards of directors with a novel set of challenges heading into 2024.Continue Reading Crossing a New Threshold for Material Cybersecurity Incident Reporting

On July 26, 2023, the U.S. Securities and Exchange Commission (the “SEC” or “Commission”) adopted rules to enhance and standardize disclosure requirements related to cybersecurity incident reporting and cybersecurity risk management, strategy, and governance.Continue Reading New SEC Disclosure Rules for Cybersecurity Incidents and Governance and Key Takeaways

The following post was originally included as part of our recently published memorandum “Selected Issues for Boards of Directors in 2023”.

In a recent survey of almost 2,800 global organizations, one in five respondents reported experiencing a ransomware attack in 2021—with almost half of those respondents suffering significant operational impacts as a result.

Corporate investigations under the Biden Administration’s Department of Justice (“DOJ”) are expected to increase in the coming months.  Navigating such investigations can be complex, distracting, and costly, and comes with the risk of prosecution and significant collateral consequences for the company.  Recently, Cleary Gottlieb partners and former DOJ prosecutors, Lev Dassin, Jonathan Kolodner, and Rahul

On June 1, 2020, the Criminal Division of the U.S. Department of Justice (the “Department”) released revisions to its guidance regarding the Evaluation of Corporate Compliance Programs, which the Department uses in assessing the “adequacy and effectiveness” of a company’s compliance program in connection with any decision to charge or resolve a criminal investigation, including

On March 20, 2020, news outlets reported that four U.S. Senators sold millions of dollars in stock following classified briefings to the Senate on the threat of a COVID-19 outbreak.  Three days later, the Co-Directors of the Securities and Exchange Commission’s (“SEC”) Division of Enforcement, Stephanie Avakian and Steven Peikin, issued a statement reminding market participants of their obligations with respect to material non-public information (“MNPI”) and of the SEC’s commitment to protecting investors from fraud and ensuring market integrity.[1]
Continue Reading Insider Trading Risk During the COVID-19 Outbreak

The following post was originally included as part of our recently published memorandum “Selected Issues for Boards of Directors in 2020”.

According to a 2019 survey, Chief Legal Officers ranked data breaches as the most important issue keeping them “up at night.” Cybersecurity also remained top of mind for boards and other corporate

In late July 2019, U.S. federal and state regulators announced three headline‑grabbing data privacy and cybersecurity enforcement actions against Equifax and Facebook.  Although coverage of these cases has focused largely on their striking financial penalties, as important are the terms the settlements imposed on the companies’ operations as well as their officers, directors, and compliance professionals—and what they signal about potential future enforcement activity to come.
Continue Reading July 2019 Privacy and Cybersecurity Enforcement: Lessons for Management and Directors

As discussed in our most recent blog post, on April 30, 2019, the Criminal Division of the U.S. Department of Justice (“DOJ” or “the Department”) announced updated guidance for the Criminal Division’s Evaluation of Corporate Compliance Programs (“the Guidance”).  The Guidance is relevant to the exercise of prosecutorial discretion in conducting an investigation of a corporation, determining whether to bring charges, negotiating plea or other agreements, applying sentencing guidelines and appointing monitors.[1]  The Guidance focuses on familiar factors: the adoption of a well-designed compliance program that addresses the greatest compliance risks to the company, the effective implementation of the company’s compliance policies and procedures, and the adequacy of the compliance program at the time of any misconduct and the response to that misconduct.  The Guidance makes clear that there is no one-size-fits-all compliance program and that primary responsibility for the compliance program will lie with senior and middle management and those in control functions.
Continue Reading DOJ Guidance on Corporate Compliance Programs: A Checklist for Directors

On April 30, 2019, the Criminal Division of the U.S. Department of Justice announced updated guidance for the Criminal Division’s Evaluation of Corporate Compliance Programs (“the Guidance”) in charging and resolving criminal cases.  This memorandum highlights key updates and discusses the themes present across versions of the Guidance.  Overall, this newest version places greater emphasis