Photo of Jonathan S. Kolodner

Jonathan S. Kolodner’s practice focuses on white-collar criminal enforcement and regulatory matters as well as complex commercial litigation.

On July 29, 2021, the U.S. Attorney’s Office for the Southern District of New York unsealed a securities and wire fraud indictment against Trevor Milton, the founder and one-time chairman of Nikola Corporation (“Nikola”), a pre-revenue electric- and hydrogen-powered vehicle company which went public through a merger with a special-purpose acquisition company (“SPAC”).[1]  The Indictment alleges that Milton made deceptive, false, and misleading claims regarding Nikola’s products and technology, which were directed at retail investors through social media and television, print, and podcast interviews.  The SEC also filed a parallel civil action against Milton, alleging violations of Section 17(a) of the Securities Act and Section 10(b) of the Exchange Act, and which contends that Milton engaged in a “relentless public relations blitz” on social media and the popular press directed at “Robinhood investors” in order to inflate Nikola’s stock price.

These actions further confirm the heightened law enforcement and regulatory scrutiny of SPACs, as well as continuing interest by government authorities in protecting retail investors in so-called meme stocks.[2]
Continue Reading DOJ Indicts Founder of Nikola for Allegedly Defrauding Retail SPAC Investors

On May 12, 2021, Telefonaktiebolaget LM Ericsson (“Ericsson”) announced that it had reached an agreement to settle a claim by a competitor, Nokia Corporation, for €80 million (approximately $97 million).[1]  Although Nokia’s complaint against Ericsson was not filed publicly, and therefore the details of the claim are not known, Ericsson’s announcement stated that “[t]he settlement relates to events that were the subject of a 2019 resolution with the U.S. Department of Justice (DOJ) and U.S. Securities and Exchange Commission (SEC) of investigations into Ericsson’s violations of the U.S. Foreign Corrupt Practices Act (FCPA).”[2]  This appears to be a rare instance in which a company that allegedly paid bribes to obtain business from a government entity agreed to compensate a competitor that lost out on the business opportunity as a result of the corrupt conduct, and demonstrates a further, significant risk of follow-on litigation relating to FCPA violations.
Continue Reading Recent Settlement Highlights Risk of Follow-On Litigation Related to FCPA Investigations

The Colombian Corporations Commission (La Superintendencia de Sociedades) (“Superintendencia”) has issued Resolution 100-006261, which requires the overwhelming majority of companies that are supervised by the Superintendencia and engage in international transactions to adopt and implement a compliance program – called a Business Transparency and Ethics program – by April 30, 2021.  The program must be designed to prevent and detect violations of anti-bribery laws, in accordance with 2016 guidance.
Continue Reading Colombian Corporate Regulatory Authority Expands Application of Compliance and Transparency Program Guidelines

Last month, in Guo Wengui v. Clark Hill, PLC, the United States District Court for the District of Columbia granted Plaintiff’s motion to compel production of Defendant’s third-party forensic investigation report following a cybersecurity incident.[1]  The court held that the forensic report was not covered by the attorney-client privilege or the work product doctrine, providing a cautionary tale for companies conducting post-breach investigations.
Continue Reading D.C. District Court Rejects Privilege Claim for Post-Data Breach Forensic Report

Corporate investigations under the Biden Administration’s Department of Justice (“DOJ”) are expected to increase in the coming months.  Navigating such investigations can be complex, distracting, and costly, and comes with the risk of prosecution and significant collateral consequences for the company.  Recently, Cleary Gottlieb partners and former DOJ prosecutors, Lev Dassin, Jonathan Kolodner, and Rahul

On October 1, 2020, the SDNY District Court issued an important ruling in U.S. v. Halkbank, holding that foreign state-owned entities (“SOEs”) can be subject to criminal jurisdiction in the United States.

The Court denied the defendant Turkish state-owned bank’s motion to dismiss an indictment charging it with conspiracy, bank fraud, and money laundering

On August 20, 2020, the Department of Justice (“DOJ”) announced that it had charged Joseph Sullivan, the former Chief Security Officer (“CSO”) of Uber Technologies Inc. (“Uber”), with obstruction of justice and misprision of a felony for allegedly attempting to cover up Uber’s 2016 data incident during the course of an investigation by the Federal Trade Commission (“FTC”).
Continue Reading DOJ Charges Former Uber Executive for Alleged Role in Attempted Cover-Up of 2016 Data Breach

In a landmark enforcement action related to a bank data breach, the Office of the Comptroller of the Currency (“OCC”) assessed an $80 million civil monetary penalty and entered into a cease and desist order with the bank subsidiaries of Capital One on August 6, 2020.  The actions follow a 2019 cyber-attack against Capital One.  The Federal Reserve Board also entered into a cease and desist order with the banks’ parent holding company.  The OCC actions represent the first imposition of a significant penalty against a bank in connection with a data breach or an alleged failure to comply with the OCC’s guidelines relating to information security.
Continue Reading OCC Imposes $80 Million Penalty in Connection with Bank Data Breach

On June 25, 2020, a federal district court in the Eastern District of Virginia held that a bank must produce in discovery a report generated by its cybersecurity forensic investigator following a 2019 data breach involving unauthorized access to personal information of customers and individuals who had applied for accounts.[1]  Even though the report was produced at the direction of outside counsel, the court rejected arguments that the forensic report is protected from disclosure by the work product doctrine.  Instead, the court determined that the report was not produced primarily in anticipation of litigation based on several factors, including the similarity of the report to past business-related work product by the investigator and the bank’s subsequent use and dissemination of the report.  This decision raises questions about the scope of work product protection for forensic expert and other similar reports in the context of an internal investigation.
Continue Reading Federal Court Compels Production of Data Breach Forensic Investigation Report

On June 1, 2020, the Criminal Division of the U.S. Department of Justice (the “Department”) released revisions to its guidance regarding the Evaluation of Corporate Compliance Programs, which the Department uses in assessing the “adequacy and effectiveness” of a company’s compliance program in connection with any decision to charge or resolve a criminal investigation, including