Photo of Rahul Mukhi

Rahul Mukhi’s practice focuses on criminal, securities, and other enforcement and regulatory matters as well as on complex commercial litigation.

On May 7, 2020, the Supreme Court unanimously held in Kelly v. United States that the “Bridgegate” political retribution scheme did not violate the wire fraud or federal-program fraud statutes. Although the government proved that the defendants devised and facilitated the closing of multiple lanes of the George Washington Bridge in September 2013, resulting in

On April 15, 2020, the U.S. Departments of State, the Treasury, and Homeland Security, and the Federal Bureau of Investigation issued an advisory alert providing guidance on the North Korean cyber threat and steps to mitigate that threat (the “Alert”).[1]  The U.S. Government has repeatedly warned the private sector that North Korea, formally known as the Democratic People’s Republic of Korea (“DPRK”), routinely engages in malicious cyber activities and has specifically targeted financial institutions.

This Alert serves as a reminder, especially during this pandemic as businesses go remote and virtual to an unprecedented degree, that the cyber threat, including from the DPRK, remains a critical risk for all companies.  Financial institutions in particular, a traditional target of North Korean cyber activity, should take steps to ensure they are protecting themselves from and responding effectively to malicious cyber intrusions.
Continue Reading CISA Alert: North Korean Cyber Threat Poses Increased Risk for Financial Institutions

On March 20, 2020, news outlets reported that four U.S. Senators sold millions of dollars in stock following classified briefings to the Senate on the threat of a COVID-19 outbreak.  Three days later, the Co-Directors of the Securities and Exchange Commission’s (“SEC”) Division of Enforcement, Stephanie Avakian and Steven Peikin, issued a statement reminding market participants of their obligations with respect to material non-public information (“MNPI”) and of the SEC’s commitment to protecting investors from fraud and ensuring market integrity.[1]
Continue Reading Insider Trading Risk During the COVID-19 Outbreak

The following post was originally included as part of our recently published memorandum “Selected Issues for Boards of Directors in 2020”.

Enforcement of anti-bribery, sanctions and money laundering laws remains a top priority for US authorities. In 2019, the US Department of Justice and civil regulators issued new or updated policies aimed at

The final version of the California Consumer Privacy Act of 2018 is coming into view.

On October 10, California’s Attorney General released the long-anticipated draft regulations to implement the CCPA, and on October 12, the Governor signed into law five amendments to the CCPA passed during the 2019 legislative session.  (We previously discussed the CCPA 

On October 3, 2019, the governments of the United Kingdom and United States signed the first-ever executive agreement governing cross-border data requests (the “Agreement”) pursuant to the US Clarifying Lawful Overseas Use of Data Act (“CLOUD Act”).[1]  As contemplated by the CLOUD Act, the Agreement provides a mechanism for the governments to access and share data stored abroad by electronic communications services providers (“CSP”) in their respective countries in a timely manner.  The Agreement will enter into effect following a 180 day Congressional review period required by the CLOUD Act and a similar review by the UK Parliament.   
Continue Reading United Kingdom and United States Governments Sign First-Ever CLOUD Act Agreement

Companies that face non-public government investigations frequently confront challenging questions regarding whether and when to disclose the existence of the investigation, how much to disclose, and any duty to update the disclosure as the investigation proceeds. The SEC recently filed a settled complaint alleging that Mylan committed accounting and disclosure violations for failing to timely

The SFO recently released its much anticipated Corporate Co-Operation Guidance (the “Guidance”). It provides details of the types of behaviour expected by the SFO in order for an organisation to receive credit for its cooperation, including through the offer of a Deferred Prosecution Agreement (“DPA”) or by the SFO determining that it is not in

In late July 2019, U.S. federal and state regulators announced three headline‑grabbing data privacy and cybersecurity enforcement actions against Equifax and Facebook.  Although coverage of these cases has focused largely on their striking financial penalties, as important are the terms the settlements imposed on the companies’ operations as well as their officers, directors, and compliance professionals—and what they signal about potential future enforcement activity to come.
Continue Reading July 2019 Privacy and Cybersecurity Enforcement: Lessons for Management and Directors

On July 25, 2019, New York Governor Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (the “SHIELD Act” or the “Act”), which expands data breach notification obligations under New York law and for the first time imposes affirmative cybersecurity obligations on covered entities.

The Act makes five principal changes