Photo of Rahul Mukhi

Rahul Mukhi

Subscribe to Rahul Mukhi's Posts

Rahul Mukhi’s practice focuses on criminal, securities, and other enforcement and regulatory matters as well as on complex commercial litigation.

Contact:Read more about Rahul Mukhi

The following is part of our annual publication Selected Issues for Boards of Directors in 2025Explore all topics or download the PDF.

The SEC pursued multiple high profile enforcement actions in 2024, alongside issuing additional guidance around compliance with the new cybersecurity disclosure rules. Together these developments demonstrate a continued focus by the SEC on robust disclosure frameworks for cybersecurity incidents. Public companies will need to bear these developments in mind as they continue to grapple with cybersecurity disclosure requirements going into 2025.Continue Reading Cybersecurity Disclosure and Enforcement Developments and Predictions

The following post was originally included as part of our recently published memorandum “Selected Issues for Boards of Directors in 2024”.

In July 2023, the U.S. Securities and Exchange Commission (SEC) adopted final rules to enhance and standardize disclosure requirements related to cybersecurity.  In order to comply with the new reporting requirements of the rules, companies will need to make ongoing materiality determinations with respect to cybersecurity incidents and series of related incidents.  The inherent nature of cybersecurity incidents, which are often initially characterized by a high degree of uncertainty around scope and impact, and an SEC that is laser-focused on cybersecurity from both a disclosure and enforcement perspective, combine to present registrants and their boards of directors with a novel set of challenges heading into 2024.Continue Reading Crossing a New Threshold for Material Cybersecurity Incident Reporting

At the September 21, 2023 Conference of the Global Investigations Review, Principal Associate Deputy Attorney General Marshall Miller announced actions by the Department of Justice (“DOJ”) to further incentivize companies engaged in M&A to prioritize compliance.  Miller affirmed that “acquiring companies should be rewarded—rather than penalized—when they engage in careful pre-acquisition diligence and post-acquisition integration to detect and remediate misconduct at the acquired company’s business.”[1] He noted that in practice, “… [Main Justice’s] Criminal Division has declined to take enforcement action against companies that have promptly and voluntarily self-disclosed misconduct uncovered in the mergers and acquisitions context and then remediated and cooperated with the Justice Department in prosecuting culpable individuals,” and that the DOJ “will be looking to apply that same approach Department-wide.”[2]  Continue Reading DOJ Announces Additional Guidance on Voluntary Self-Disclosure in M&A Context

On July 26, 2023, the U.S. Securities and Exchange Commission (the “SEC” or “Commission”) adopted rules to enhance and standardize disclosure requirements related to cybersecurity incident reporting and cybersecurity risk management, strategy, and governance.Continue Reading New SEC Disclosure Rules for Cybersecurity Incidents and Governance and Key Takeaways

The following post was originally included as part of our recently published memorandum “Selected Issues for Boards of Directors in 2023”.

In a recent survey of almost 2,800 global organizations, one in five respondents reported experiencing a ransomware attack in 2021—with almost half of those respondents suffering significant operational impacts as a result.

On July 13, 2021, the Securities and Exchange Commission (“SEC”) announced a major enforcement action related to a proposed merger between a special purpose acquisition company (“SPAC”) and a privately held target company (“Target”).  This followed numerous warnings by the SEC staff over several months of enhanced scrutiny of such transactions under the federal securities laws.[1]  The respondents, except for the Target’s CEO, settled the action by collectively agreeing to civil penalties of approximately $8 million and to certain equitable relief described below. [2]
Continue Reading SEC Brings SPAC Enforcement Action and Signals More to Come

Last week, John Coates, the Acting Director of the SEC’s Division of Corporation Finance (“Corp Fin”), released a statement discussing liability risks in de-SPAC transactions.

The statement focused in particular on the concern that companies may be providing overly optimistic projections in their de-SPAC disclosures, in part based on the assumption that such disclosures are protected by a statutory safe harbor for forward-looking statements (which is not available for traditional IPOs).  Director Coates’s statement questions whether that assumption is correct, arguing that de-SPAC transactions may be considered IPOs for the purposes of the statute (and thus fall outside the protection offered by the statutory safe harbor).  He therefore encourages SPACs to exercise caution in disclosing projections, including by not withholding unfavorable projections while disclosing more favorable projections.
Continue Reading Acting Director of SEC’s Corp Fin Issues Statement on Disclosure Risks Arising from De-SPAC Transactions

Corporate investigations under the Biden Administration’s Department of Justice (“DOJ”) are expected to increase in the coming months.  Navigating such investigations can be complex, distracting, and costly, and comes with the risk of prosecution and significant collateral consequences for the company.  Recently, Cleary Gottlieb partners and former DOJ prosecutors, Lev Dassin, Jonathan Kolodner, and Rahul

A recent decision of the Delaware Court of Chancery in the ongoing WeWork/SoftBank litigation addressed a previously unresolved question:  can management withhold its communications with company counsel from members of the board of directors on the basis that such communications are privileged?  Building on past Delaware decisions concerning directors’ rights to communications with company counsel, including in the CBS case we previously discussed here, the court clarified that directors are always entitled to communications between management and company counsel unless there is a formal board process to wall off such directors (such as the formation of a special committee) or other actions at the board level demonstrating “manifest adversity” between the company and those directors.  See In re WeWork Litigation, C.A. No. 0258-AGB (Del. Ch. August 21, 2020).  In other words, management cannot unilaterally decide to withhold its communications with company counsel from the board (or specified directors management deems to have a conflict).
Continue Reading Recent Decision Confirms Directors’ Right to Access Privileged Communications Between Management and Company Counsel

On March 20, 2020, news outlets reported that four U.S. Senators sold millions of dollars in stock following classified briefings to the Senate on the threat of a COVID-19 outbreak.  Three days later, the Co-Directors of the Securities and Exchange Commission’s (“SEC”) Division of Enforcement, Stephanie Avakian and Steven Peikin, issued a statement reminding market participants of their obligations with respect to material non-public information (“MNPI”) and of the SEC’s commitment to protecting investors from fraud and ensuring market integrity.[1]
Continue Reading Insider Trading Risk During the COVID-19 Outbreak