Photo of Rahul Mukhi

Rahul Mukhi’s practice focuses on criminal, securities, and other enforcement and regulatory matters as well as on complex commercial litigation.

On January 24, 2022, Securities and Exchange Commission Chair Gary Gensler gave a speech at the Northwestern Pritzker School of Law’s Annual Securities Regulation Institute signaling the SEC’s intention to step up its cyber-related regulatory and enforcement efforts.  Gensler described the continued rise in cybersecurity incidents targeting the financial sector as a serious threat to the nation’s economy and critical infrastructure, with costs potentially in the trillions of dollars.
Continue Reading SEC Chair Previews Ramp Up in Regulation and Enforcement in the Cybersecurity Context

On August 9, 2021, the SEC issued a cease-and-desist order against digital asset exchange Poloniex, Inc. for allegedly operating an unregistered exchange in violation of Section 5 of the Exchange Act in connection with its operation of a trading platform that facilitated the buying and selling of digital asset securities.[1]

In the cease-and-desist order, the SEC alleged that Poloniex met the definition of an “exchange” because it “provided the non-discretionary means for trade orders to interact and execute through the combined use of the Poloniex website, an order book, and the Poloniex trading engine.”  The SEC also found, based on internal communications, that Poloniex decided to be “aggressive,” ultimately listing token(s) it had internally determined carried a “medium” risk of being considered securities under the Securities Act of 1933 pursuant to the test set forth by the U.S. Supreme Court in SEC v. W.J. Howey.[2]  However, the SEC did not identify what digital asset(s) it determined were securities nor why, simply stating that Poloniex facilitated trading of “digital assets that were investment contracts and therefore securities.”

Without admitting or denying the SEC’s findings, Poloniex agreed to the entry of the order and a payment of $10,388,309 in disgorgement, prejudgment interest, and a civil penalty.
Continue Reading SEC Enforcement Action Against Poloniex Signals Heightened Scrutiny for Crypto Exchanges

On July 29, 2021, the U.S. Attorney’s Office for the Southern District of New York unsealed a securities and wire fraud indictment against Trevor Milton, the founder and one-time chairman of Nikola Corporation (“Nikola”), a pre-revenue electric- and hydrogen-powered vehicle company which went public through a merger with a special-purpose acquisition company (“SPAC”).[1]  The Indictment alleges that Milton made deceptive, false, and misleading claims regarding Nikola’s products and technology, which were directed at retail investors through social media and television, print, and podcast interviews.  The SEC also filed a parallel civil action against Milton, alleging violations of Section 17(a) of the Securities Act and Section 10(b) of the Exchange Act, and which contends that Milton engaged in a “relentless public relations blitz” on social media and the popular press directed at “Robinhood investors” in order to inflate Nikola’s stock price.

These actions further confirm the heightened law enforcement and regulatory scrutiny of SPACs, as well as continuing interest by government authorities in protecting retail investors in so-called meme stocks.[2]
Continue Reading DOJ Indicts Founder of Nikola for Allegedly Defrauding Retail SPAC Investors

On July 13, 2021, the Securities and Exchange Commission (“SEC”) announced a major enforcement action related to a proposed merger between a special purpose acquisition company (“SPAC”) and a privately held target company (“Target”).  This followed numerous warnings by the SEC staff over several months of enhanced scrutiny of such transactions under the federal securities laws.[1]  The respondents, except for the Target’s CEO, settled the action by collectively agreeing to civil penalties of approximately $8 million and to certain equitable relief described below. [2]
Continue Reading SEC Brings SPAC Enforcement Action and Signals More to Come

Last week, the Second Circuit affirmed the dismissal for lack of Article III standing a proposed class action against a health services provider that mistakenly disclosed personally identifiable information (“PII”).  In its opinion, the Second Circuit held that plaintiffs may establish Article III standing based on an increased risk of identity theft or fraud following an unauthorized disclosure of their data, but that the standard was not met based on the facts presented.  The decision, which is the first time the Second Circuit has explicitly adopted this standard, has potentially important implications going forward for data breach cases.

Continue Reading Second Circuit Articulates Injury Standard in Data Breach Suits

As discussed in our prior blog post, earlier this year the Supreme Court vacated and remanded the Second Circuit’s decision in a high-profile insider trading case, United States v. Blaszczak,[1] for reconsideration in light of the Supreme Court’s “Bridgegate” decision in Kelly v. United States.[2]  In Blaszczak, the Second Circuit had previously found that a government agency’s confidential pre-decisional information constituted “property” under Title 18, and that therefore the Blaszczak defendants had committed fraud under the applicable statutes when they obtained the information and traded on it.[3]  However, following that decision, the Supreme Court held in Kelly that a government regulatory interest did not constitute “property” for the purpose of Title 18 fraud statutes.[4]  The Blaszczak defendants filed a petition for certiorari, contending that the Second Circuit’s reading of Title 18 could not be reconciled with the Supreme Court’s holding.[5]  After the Blaszczak defendants filed their petition, the government consented to a remand to the Second Circuit.
Continue Reading DOJ Concedes Error In Title 18 Insider Trading Convictions After Supreme Court’s “Bridgegate” Decision

Last week, John Coates, the Acting Director of the SEC’s Division of Corporation Finance (“Corp Fin”), released a statement discussing liability risks in de-SPAC transactions.

The statement focused in particular on the concern that companies may be providing overly optimistic projections in their de-SPAC disclosures, in part based on the assumption that such disclosures are protected by a statutory safe harbor for forward-looking statements (which is not available for traditional IPOs).  Director Coates’s statement questions whether that assumption is correct, arguing that de-SPAC transactions may be considered IPOs for the purposes of the statute (and thus fall outside the protection offered by the statutory safe harbor).  He therefore encourages SPACs to exercise caution in disclosing projections, including by not withholding unfavorable projections while disclosing more favorable projections.
Continue Reading Acting Director of SEC’s Corp Fin Issues Statement on Disclosure Risks Arising from De-SPAC Transactions

In a decision with potentially far-reaching implications, Alasaad v. Mayorkas, Nos. 20-1077, 20-1081, 2021 WL 521570 (1st Cir. Feb. 9, 2021), the First Circuit recently rejected First and Fourth Amendment challenges to the U.S. government agency policies governing border searches of electronic devices. These policies permit so-called “basic” manual searches of electronic devices without any articulable suspicion, requiring reasonable suspicion only when officers perform “advanced” searches that use external equipment to review, copy, or analyze a device.  The First Circuit held that even these “advanced” searches require neither probable cause nor a warrant, and it split with the Ninth Circuit in holding that searches need not be limited to searches for contraband, but may also be used to search for evidence of contraband or evidence of other illegal activity. This decision implicates several takeaways for company executives entering and leaving the United States, particularly if they or their employers are under active investigation.  In-house counsel in particular should consider the implications of the decision given obligations of lawyers to protect the confidentiality of attorney-client privileged information.

Continue Reading First Circuit Upholds Border Searches of Electronic Devices Without Probable Cause

Last month, in Guo Wengui v. Clark Hill, PLC, the United States District Court for the District of Columbia granted Plaintiff’s motion to compel production of Defendant’s third-party forensic investigation report following a cybersecurity incident.[1]  The court held that the forensic report was not covered by the attorney-client privilege or the work product doctrine, providing a cautionary tale for companies conducting post-breach investigations.
Continue Reading D.C. District Court Rejects Privilege Claim for Post-Data Breach Forensic Report

Corporate investigations under the Biden Administration’s Department of Justice (“DOJ”) are expected to increase in the coming months.  Navigating such investigations can be complex, distracting, and costly, and comes with the risk of prosecution and significant collateral consequences for the company.  Recently, Cleary Gottlieb partners and former DOJ prosecutors, Lev Dassin, Jonathan Kolodner, and Rahul