Photo of Jonathan S. Kolodner

Jonathan S. Kolodner’s practice focuses on white-collar criminal enforcement and regulatory matters as well as complex commercial litigation.

In late July 2019, U.S. federal and state regulators announced three headline‑grabbing data privacy and cybersecurity enforcement actions against Equifax and Facebook.  Although coverage of these cases has focused largely on their striking financial penalties, as important are the terms the settlements imposed on the companies’ operations as well as their officers, directors, and compliance professionals—and what they signal about potential future enforcement activity to come.
Continue Reading

On July 25, 2019, New York Governor Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (the “SHIELD Act” or the “Act”), which expands data breach notification obligations under New York law and for the first time imposes affirmative cybersecurity obligations on covered entities.

The Act makes five principal changes

As discussed in our most recent blog post, on April 30, 2019, the Criminal Division of the U.S. Department of Justice (“DOJ” or “the Department”) announced updated guidance for the Criminal Division’s Evaluation of Corporate Compliance Programs (“the Guidance”).  The Guidance is relevant to the exercise of prosecutorial discretion in conducting an investigation of a corporation, determining whether to bring charges, negotiating plea or other agreements, applying sentencing guidelines and appointing monitors.[1]  The Guidance focuses on familiar factors: the adoption of a well-designed compliance program that addresses the greatest compliance risks to the company, the effective implementation of the company’s compliance policies and procedures, and the adequacy of the compliance program at the time of any misconduct and the response to that misconduct.  The Guidance makes clear that there is no one-size-fits-all compliance program and that primary responsibility for the compliance program will lie with senior and middle management and those in control functions.
Continue Reading

On April 30, 2019, the Criminal Division of the U.S. Department of Justice announced updated guidance for the Criminal Division’s Evaluation of Corporate Compliance Programs (“the Guidance”) in charging and resolving criminal cases.  This memorandum highlights key updates and discusses the themes present across versions of the Guidance.  Overall, this newest version places greater emphasis

In a recent speech at the annual ABA White Collar Crime Conference in New Orleans, Assistant Attorney General Brian Benczkowski of the Criminal Division of the Department of Justice (“DOJ”) announced certain changes to the FCPA Corporate Enforcement Policy (“the Enforcement Policy” or “Policy”) to address issues that the DOJ had identified since its implementation.[1]  These and other recent updates have since been codified in a revised Enforcement Policy in the Justice Manual.[2]

The Enforcement Policy, first announced by the DOJ in November 2017, was initially applicable only to violations of the FCPA, but was subsequently extended to all white collar matters handled by the Criminal Division.[3]  The Policy was designed to encourage companies to voluntary self-disclose misconduct by providing more transparency as to the credit a company could receive for self-reporting and fully cooperating with the DOJ.  Among other things, the Enforcement Policy provides a presumption that the DOJ will decline to prosecute companies that meet the DOJ’s requirement of “voluntary self-disclosure,” “full cooperation,” and “timely and appropriate remediation,” absent “aggravating circumstances” – i.e. relating to the seriousness or frequency of the violation.  For more information on the Enforcement Policy, read our blog post explaining it here.
Continue Reading

As discussed in Cleary Gottlieb’s December 21, 2018 Alert Memorandum, on December 18, 2018, the U.S. Court of Appeals for the D.C. Circuit issued an important ruling in In re Grand Jury Subpoena, holding, inter alia, that foreign state-owned corporations are subject to criminal jurisdiction in the United States and upholding Special Counsel

On December 18, 2018, the District of Columbia Circuit Court of Appeals issued an important ruling in In re Grand Jury Subpoena, holding that foreign state-owned corporations are subject to criminal jurisdiction in the United States and that the exceptions to sovereign immunity set forth in the Foreign Sovereign Immunities Act (the “FSIA”)[1] apply to criminal as well as to civil cases.[2]  The court also rejected the foreign sovereign entity’s argument that it should be excused from complying with a subpoena because doing so would violate the law of the respondent’s country of incorporation.  Although In re Grand Jury Subpoena arises in the context of enforcing a grand jury subpoena, its language and holding could potentially be extended to criminal prosecutions of a foreign state or state-owned entity.

Continue Reading

On Friday, October 12, 2018, during remarks at the NYU School of Law Program on Corporate Compliance and Enforcement Conference on Achieving Effective Compliance, Assistant Attorney General Brian A. Benczkowski of the Department of Justice announced new guidance, issued on October 11, relating to the imposition and selection of corporate compliance monitors in Criminal Division

On August 24, 2018, the Second Circuit in United States v. Hoskins issued a decision limiting the FCPA’s reach, holding that foreign nationals who cannot be convicted as principals under the FCPA also cannot be held liable for conspiring to violate or aiding and abetting a violation of the statute. The decision, written by Judge

DOJ has expanded its efforts to give more concrete guidance to companies facing FCPA risk to M&A transactions and the question of successor liability.  In a speech on July 25, 2018, at the American Conference Institute’s 9th Global Forum on Anti-Corruption Compliance in High Risk Markets, Deputy Assistant Attorney General Matthew S. Miner highlighted DOJ’s views on successor liability for FCPA violations by acquired companies.[1]  Miner sought to clarify DOJ’s policy regarding the voluntary disclosure of misconduct by successor companies and to highlight the benefits of such disclosure as spelled out in the joint DOJ and SEC FCPA Resource Guide (the “Resource Guide”).[2]  In general, as with other recent pronouncements and actions by DOJ, such as the FCPA Corporate Enforcement Policy,[3] Miner’s speech seemed intended to highlight ways in which firms can gain cooperation credit (up to and including a declination) in FCPA investigations.
Continue Reading