The Modern General Counsel
The role of the modern General Counsel has evolved in both scope and prominence. As vital legal and business advisors, today’s General Counsel are leading the charge in navigating an increasingly complex macroeconomic, regulatory and geopolitical environment.
lead the way
Featured Insights
When the Black Swan Comes From Within
Social and technological changes have elevated the amount of potential harm a rogue employee can do. Knowing the best approach to take can minimize the fallout and even mitigate future risks.
Read More
More Than Mere Survival: The GC’s Role in Moving Beyond Crisis
Read More
In-house counsel should coordinate inside leaders and outside advisors to respond to a crisis. But they also have a role in longer-term response.
Sign up for The Modern General Counsel Executive Newsletter
Subscribe Now
Missteps the GC Should Avoid in the First 48 Hours of a Crisis
Read More
The first 48 hours of a corporate crisis presents a complex web of risk and challenges for the general counsel (“GC”).
The GC and ESG: From Great Risk Comes Great Opportunity
Read More
As ESG standards evolve, so too does the role of the general counsel, with many already in charge of identifying and tracking certain corporate ESG performance metrics.
Preparing for the Inevitable Black Swan
Read More
The Expert Briefing with FTI Cybersecurity
FTI Consulting is the firm General Counsel call on when their most important issues are at stake.
Advisor to 98 of the world’s 100 largest law firms
Adviser to 99 of the world’s top 100 law firms
High-profile cybersecurity and data privacy threats are pervasive and sophisticated. Explore our insights discovery tool to get personalized recommendations on how you can safeguard privacy, maintain governance, ensure regulatory compliance and protect against bad actors.
Get Started
83 of the Fortune 100 corporations are clients
82 of Fortune 100 companies are clients
Advisor to the world’s top 50 banking holding companies
Advisor to 50 of the top 100 private equity firms on the PEI 300 list
Adviser to 50 of the top 100 private equity firms on the Private Equity International 300 list.
8,000+ employees worldwide
Employees worldwide (as of April 2023)
Offices in 85 cities across the globe
Offices in 83 cities across the globe (as of April 2023)
All Awards
View All General Counsel Insights
Navigating the Evolving M&A and Regulatory Landscape
The role of the General Counsel (“GC”) is most visible when a company is facing pivotal value creation or destruction — times of major opportunities, such as a megamerger or regulatory approval to bring an innovation to market, and times of crisis, such as a cyber breach or internal investigation. At moments of crisis and opportunity, it is important that the General Counsel has a trusted partner with the expertise and experience to help lead the way.
How do your cybersecurity
and data privacy strategies stack up?
Select the topic that is top of mind for you, then tell us where you are on your journey to receive a personalized reading recommendation:
Managing & Guiding Communications
Incident Response Plans
Third-Party Security Risk
Select the topics that matter to you, and get personalized insights to help you lead the way in a rapidly evolving risk landscape.
Does your organization have a process for managing and guiding communications in the event of a cybersecurity incident?
Yes
No
I don’t know
Build resilience in a rapidly evolving cyber risk landscape.
GC Newsletter
High-profile cybersecurity threats are pervasive and sophisticated. Get the expert perspectives you need to safeguard privacy, maintain governance, ensure regulatory compliance and protect against bad actors.
Share Quiz
Restart the Quiz
The Modern General Counsel
The scope and prominence of the general counsel role continues to grow. Get the expert perspectives you need to build resilience in a rapidly evolving risk landscape.
Meet an Expert
Share on LinkedIn
Share on Twitter
One of America’s Best Management Consulting Firms
Forbes
Consulting Firm of the Year
Who’s Who Legal
#1 Expert Witness Firm on GAR 100 Expert Witness Firms' Power Index
Global Arbitration Review
One of the World’s Best Management Consulting Firms
Forbes
Leader of the Who’s Who Legal Arbitration: Expert Witnesses List
Who’s Who Legal
Global Turnaround Consulting Firm of the Year
Global M&A Network
Crisis Communications Firm of the Year
Global M&A Network
Leader in the Litigation Support Guide
Chambers and Partners
One of America’s Most Just Companies
Just Capital and CNBC
Communications Firm of the Year
The M&A Advisor
#1 U.S. Restructuring Advisor
The Deal
Leader in Crisis & Risk Management Guide
Chambers and Partners
Advisor to 99 of the world’s 100 largest law firms99 of the world’s top 100 law firms
Adviser to 99 of the world’s top 100 law firms
82 of the Fortune 100 corporations are clients
82 of Fortune 100 companies are clients
Adviser to 50 of the world’s top 50 bank holding companies
Adviser to 50 of the world’s top 50 bank holding companies
Adviser to 50 of the top 100 private equity firms on the Private Equity International 300 list.
Adviser to 50 of the top 100 private equity firms on the Private Equity International 300 list.
Employees worldwide (as of April 2023)
Employees worldwide (as of April 2023)
Offices in 83 cities across the globe (as of April 2023)
Offices in 83 cities across the globe (as of April 2023)
All Awards
Meet Our Experts
Meet our Experts
Regardless of scale, every company stands to experience a crisis sooner or later. The difference between survival and extincion often boils down to how effectively the company can react and how it handles the fallout.
View All General Counsel Insights
Compass Lexecon was engaged to provide economic analysis and expert testimony on the deal’s impact on competition and procompetitive efficiencies in the gaming industry.
Process
Compass Lexecon expert, Professor Dennis W. Carlton, testified before the federal court that the FTC expert’s economic analysis was flawed, relied on unsupported assumptions and failed to show that the transaction would lead to unfair competition and the foreclosure of Activision Blizzard’s content from Microsoft rivals.
Result
Compass Lexecon’s economic analysis and expert testimony identified deal-specific benefits, including expanded access to Activision Blizzard’s gaming content, lower costs for gamers and increased incentives for investment in game development.
Our Role
Data Privacy
In December 2022, the U.S. Federal Trade Commission (“FTC”) filed a complaint in the federal court in California to halt Microsoft’s acquisition of Activision Blizzard, citing antitrust concerns.
The FTC alleged that the deal would allow Xbox-maker Microsoft to suppress competition in the gaming industry and monopolize Activision Blizzard’s popular game titles, such as World of Warcraft and Call of Duty. Microsoft and Activision Blizzard retained FTI Consulting subsidiary Compass Lexecon to respond to the FTC’s complaint.
Situation
FTI Consulting subsidiary Compass Lexecon secured a landmark victory for clients Microsoft and Activision Blizzard, a leading game developer and publisher, in a highly contested vertical merger — the largest technology merger in history.
Microsoft & Activision Prevail in Landmark Merger Case
Microsoft & Activision
Case Study
3. The Impact
2. Our Role
1. Situation
Introduction
Working in close partnership with both parties and counsel, FTI Technology’s experts and workflows significantly reduced documents from the review set for both parties. They successfully delivered an on-time, fulsome and compliant document review and investigation on behalf of MASMOVIL and Orange, which contributed to satisfying the requirements of the European Commission and the merger ultimately being approved.
In 2022, Colonial Pipeline received the Silver Anvil Award of Excellence from the Public Relations Society of America for its communications response to the ransomware attack and navigating a national crisis.
The Impact
Colonial Pipeline
The FTI Technology team collected and processed large volumes of data, including Microsoft 365 email, OneDrive and Teams, corporate laptops and file servers, from sources in France, Spain and the UK, for custodians within both Orange and MASMOVIL, as well as other sponsors.
After extraction, de-duplication and application of the relevant date ranges, the team helped massively reduce the volume of documents eligible for consideration.
The experts implemented safeguards and methodologies to sufficiently and fairly represent both sides, reduce any risk of conflicts and ensure efficient and defensible review within the regulator’s timeframes and requirements.
The FTI Consulting team supported the development and execution of a crisis communications strategy, produced materials for company stakeholders, supported daily briefings to senior government officials in the White House and Department of Energy and managed the company’s media engagement, which included more than 1,000 inquiries.
FTI Consulting supported the company in the months following the event as it worked through the system hardening and data recovery phases, which included employee, customer and shipper notifications. The team also helped prepare the CEO to testify before two congressional committees about the company’s response to the ransomware attack.
MASMOVIL and Orange were under scrutiny and were required to meet the typical compressed timeframes and extensive internal document production obligations from the European Commission that are now a standard feature in merger clearance reviews. To fulfill the request from the authorities on time, the companies needed to implement a plan to enable rolling document reviews and productions, requiring around-the-clock work from the combined FTI Technology and counsel team.
To add to the complexity, there were also heightened sensitivities about the justification for withholding any documents due to privilege. The tight timelines made it difficult to review the documents for personal and privileged information fully, so the team needed to establish a high degree of quality control to identify privileged information and document why it was withheld from the production set.
Stakeholders within MASMOVIL and Orange selected FTI Technology for the full force of its merger clearance review experience and international capabilities across digital forensics and e-discovery for document preservation, collection and processing, as well as the ability to deliver comprehensive managed document review. Several parties involved in the transaction had worked with FTI Technology’s experts on previous matters and trusted the team to deliver successfully for the entire review.
After entering an agreement to a large-scale and complex cross-jurisdictional merger between telecommunications providers MASMOVIL and Orange, both parties had to collect, review and produce internal documents as part of an extensive merger clearance investigation by European competition authorities. The parties engaged FTI Technology to lead discovery and document review for both organisations and support the needs of the merger review before its approval in February 2024.
Providing Complex, Time-Sensitive Phase II Investigation and Document Review for MASMOVIL and Orange Merger
MASMOVIL & Orange
Case Study
The FTI Technology team collected and processed large volumes of data, including Microsoft 365 email, OneDrive and Teams, corporate laptops and file servers, from sources in France, Spain and the UK, for custodians within both Orange and MASMOVIL, as well as other sponsors.
After extraction, de-duplication and application of the relevant date ranges, the team helped massively reduce the volume of documents eligible for consideration.
The experts implemented safeguards and methodologies to sufficiently and fairly represent both sides, reduce any risk of conflicts and ensure efficient and defensible review within the regulator’s timeframes and requirements.
The FTI Consulting team supported the development and execution of a crisis communications strategy, produced materials for company stakeholders, supported daily briefings to senior government officials in the White House and Department of Energy and managed the company’s media engagement, which included more than 1,000 inquiries.
FTI Consulting supported the company in the months following the event as it worked through the system hardening and data recovery phases, which included employee, customer and shipper notifications. The team also helped prepare the CEO to testify before two congressional committees about the company’s response to the ransomware attack.
MASMOVIL and Orange were under scrutiny and were required to meet the typical compressed timeframes and extensive internal document production obligations from the European Commission that are now a standard feature in merger clearance reviews. To fulfill the request from the authorities on time, the companies needed to implement a plan to enable rolling document reviews and productions, requiring around-the-clock work from the combined FTI Technology and counsel team.
To add to the complexity, there were also heightened sensitivities about the justification for withholding any documents due to privilege. The tight timelines made it difficult to review the documents for personal and privileged information fully, so the team needed to establish a high degree of quality control to identify privileged information and document why it was withheld from the production set.
Stakeholders within MASMOVIL and Orange selected FTI Technology for the full force of its merger clearance review experience and international capabilities across digital forensics and e-discovery for document preservation, collection and processing, as well as the ability to deliver comprehensive managed document review. Several parties involved in the transaction had worked with FTI Technology’s experts on previous matters and trusted the team to deliver successfully for the entire review.
Situation
After entering an agreement to a large-scale and complex cross-jurisdictional merger between telecommunications providers MASMOVIL and Orange, both parties had to collect, review and produce internal documents as part of an extensive merger clearance investigation by European competition authorities. The parties engaged FTI Technology to lead discovery and document review for both organisations and support the needs of the merger review before its approval in February 2024.
Providing Complex, Time-Sensitive Phase II Investigation and Document Review for MASMOVIL and Orange Merger
MASMOVIL & Orange
Case Study
Our Impact
Our Role
Situation
Introduction
Take Quiz
ARE YOU PREPARED FOR A CYBER INCIDENT?
FTI Consulting Senior Advisor Matthew Layton discusses the main themes at the World Economic Forum through the General Counsel lens.
How Global Issues
Impact the Modern GC
Cybersecurity & Data Privacy
Safeguarding Through Crises
Read More
Cyber risks and threats related to advanced technologies such as artificial intelligence, blockchain, cryptocurrency and metaverse environments require o...
Balancing Innovation and Risk Management: The GC’s Role in Driving Digital Transformation
Read More
If your company is publicly traded in the United States — whether headquartered in the United States or abroad — new cybersecurity and disclosure rules apply.
The SEC’s Revised Cybersecurity Rules Have Global Reach
Read More
The Federal Trade Commission, with the concurrence of the Antitrust Division of the U.S. Department of Justice, recently entered a 60-day comment period for propose...
Global Regulators Squeeze Merger Control as FTC Proposes Strict Revisions to Guidelines
Download Report
Senior Managing Director Wendy King discusses highlights from the 2023 General Counsel Report.
Global Legal Departments Alleviate and Respond to Critical Pressure Points
The Expert Briefing with FTI Cybersecurity
Access Event Replay
On June 15, 2023, FTI Consulting and WSJ Custom Events invited Deputy Attorney General Lisa Monaco to speak on the general counsel’s role as the bridge between regulators and the C-suite.
The New Regulatory Roadmap:
Lisa Monaco in Conversation with David Kline
View All General Counsel Insights
Anthony J. Ferrante, Global Head of Cybersecurity and Former Director for Cyber Incident Response at the National Security Council at the White House, on why General Counsel should engage with external cybersecurity experts.
Why GCs Should Engage with External Cybersecurity Experts
Andrew Szwez, Senior Managing Director at FTI Consulting, discusses second requests from the Federal Trade Commission (“FTC”) or the Department of Justice ("DOJ") during their review of mergers or acquisitions and how they can be managed efficiently and defensibly.
Anatomy of a Second Request
View All General Counsel Insights
Microsoft & Activision
How do your cybersecurity and data privacy strategies stack up?
Adviser to 50 of the world’s top 50 bank holding companies
3. The Impact
2. Our Role
1. Situation
Introduction
Our Role
Judge Jacqueline Scott Corley of the U.S. District Court for the Northern District of California denied the FTC’s request for a preliminary injunction, ruling that the FTC had failed to demonstrate that it would likely prevail in its claim that the proposed merger would substantially lessen competition and that, in contrast to the FTC’s claims, there would be more consumer access to Activision content following the merger. The U.S. Appeals Court for the 9th Circuit then denied the FTC’s appeal, thereby allowing the acquisition to close.
Diagnosis
Recommendations
Judge Corley repeatedly referenced Professor Carlton’s testimony in her opinion criticizing the FTC expert’s analysis and acknowledged several post-transaction benefits noted in Professor Carlton’s testimony.
Execution
Judge Corley’s opinion relied on several recent challenges to vertical mergers where judges ruled for the defendants — United States of America v. AT&T Inc., DirecTV Group Holdings, LLC, and Time Warner Inc.; Federal Trade Commission v. Meta Platforms, Inc.; and the FTC ALJ opinion in In the Matter of Illumina, Inc. and Grail, Inc. — all of which are cases where Professor Carlton served as an economic expert for the merging parties.
The Impact
Digital Risk
Data Protection Regulations
Meet an Expert
Share
Data Protection Regulations
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing & Guiding Communications
MASMOVIL & Orange
Hostess & Smuckers
Execution
Hertz successfully de-fleeted approximately 200,000 vehicles, facilitating the repayment of USD$4.3 billion in debt principal and sold its Donlen business for approximately USD$875 million.
Recommendations
Hertz successfully negotiated many key aspects of its capital structure, including USD$1.65 billion in funds for general corporate purposes and critical fleet equity needs.
In September 2023, Hostess Brands successfully announced its acquisition by The J.M. Smucker Company for approximately $5.6 billion.
Transaction risks were mitigated by FTI Consulting’s comprehensive leak strategy, preparation and strong media relationships.
Seamless coordination of communications on the day of the transaction ensured correct and impactful cadence.
Significant national media attention of the transaction widely reviewed the successful turnaround of an American icon and reflected the value created by leadership.
Diagnosis
The Impact
FTI Consulting developed and prepared a leak response plan. When the acquisition leaked via a Reuters article, FTI Consulting executed the response plan, helping to manage media inquiries and internal and external responses to the leak.
FTI Consulting played a critical role in the organization and execution of the deal announcement. The team developed stakeholder materials and first drafts so that when a buyer was chosen, the team could move as quickly as possible.
After learning of the buyer, FTI Consulting’s team coordinated with the counterparty and advisor teams to manage the full communication rollout process, adjusted and finalized stakeholder documents, supported Hostess with transaction logistics and fielded both internal and external inquiries post-announcement.
Overview
Process
FTI Consulting assisted with cash forecasting and liquidity management; oversaw vendor- and supplier-related matters; and prepared a quality-of-earnings report for the sale of Hertz’s Donlen subsidiary.
Result
FTI Consulting’s team of experts managed diligence activities and communications with financial and legal advisors and provided a temporary senior-level accounting resource, among other activities.
Our Role
Data Privacy
Our Role
Hostess Brands, a leading sweet snacks company with iconic brands like Twinkies, Ding Dongs, Donettes, and Voortman, partnered with FTI to navigate communications around its transaction process, ultimately resulting in its acquisition by The J.M Smucker Co. for approximately $5.6 billion. FTI Consulting was initially retained due to increased leak risk related to a potential transaction. As Hostess ran a process and more parties became privy to a potential deal, the risk of a leak increased exponentially.
Despite undertaking various liquidity initiatives, such as reducing vehicle purchase commitments, securing airport concession deferrals and abatements, and implementing furloughs and terminations, Hertz filed for Chapter 11 in May 2020.
Situation
Hostess Brands, a leading sweet snacks company with iconic brands like Twinkies, Ding Dongs, Donettes and Voortman, partnered with FTI Consulting to navigate communications around its transaction process, ultimately resulting in its acquisition by The J.M Smucker Company for approximately $5.6 billion. FTI Consulting was initially retained due to increased leak risk related to a potential transaction. As Hostess ran a process and more parties became privy to a potential deal, the risk of a leak increased exponentially.
Navigating Hostess Brands' $5.6 Billion Sale to The J.M. Smucker Company
Hostess & Smuckers
Case Study
2. The Impact
1. Our Role
1. Situation
Introduction
Pfizer & Seagen
Execution
Judge Corley’s opinion relied on several recent challenges to vertical mergers where judges ruled for the defendants — United States of America v. AT&T Inc., DirecTV Group Holdings, LLC, and Time Warner Inc.; Federal Trade Commission v. Meta Platforms, Inc.; and the FTC ALJ opinion in In the Matter of Illumina, Inc. and Grail, Inc. — all of which are cases where Professor Carlton served as an economic expert for the merging parties.
Recommendations
Recoveries from the Madoff Recovery Initiative far exceed similar efforts related to prior Ponzi schemes both in terms of dollar value and percentage of stolen funds recovered.¹
On December 14, 2023, Pfizer completed its $43 billion acquisition of Seagen — the largest M&A deal in biopharma since 2019. The deal closed after merger reviews by competition authorities around the world. A global Compass Lexecon team comprised of personnel in the United States, Europe and Singapore provided economic analysis and logistical support throughout the regulatory review process.
Diagnosis
The Impact
In the United States, a Compass Lexecon team led by Nathan Wilson supported counsel through the Hart-Scott-Rodino (“HSR”) process, developing economic evidence that showed the proposed merger would not harm competition while also aiding in the process of successfully complying with the FTC’s second request. In Europe, a Compass Lexecon team supported counsel throughout the European Commission’s Phase I investigation.
Nathan Wilson was supported by a team that included Erica Benton, Ian MacSwain, Allan Zhang, Alexander Collison, Showroop Pokhrel and Josh Li. In Europe, Rameet Sangha and Kirsten Edwards-Warren were supported by a team that included Florian Mockel, Aiden Lo, Conor Duggan and James Forster.
Compass Lexecon worked closely with Debbie Feinstein, Matt Tabas, Niels Ersbøll and John Schmidt of Arnold & Porter; and Samantha Hynes, Florence Kuhl and Caroline Black of Sullivan & Cromwell.
Overview
Process
The teams reconstructed books and records, determined amounts deposited and withdrawn from thousands of customer accounts and analyzed hundreds of millions of transactions.
Result
With the Trustee, the teams investigated more than 16,500 claims, ultimately allowing more than 2,600.
Provided litigation support, including serving as expert witnesses, for more than 1,000 lawsuits, including two actions that reached the Supreme Court of the United States.
Our Role
Data Privacy
Our Role
In December 2008, Bernie Madoff admitted that the Investment Advisory business within his firm was a Ponzi scheme, setting off his arrest and a chain reaction of events throughout the financial services world and philanthropic communities.¹
A Trustee under the Securities Investor Protection Act was appointed to liquidate Madoff’s firm and to recover the proceeds from his Ponzi scheme. ²
Situation
FTI Consulting subsidiary Compass Lexecon helped provide evidence showing that a proposed merger between Seagen and Pfizer would not harm economic competition and helped the client successfully comply with a second request from the FTC.
Pfizer Completes $43 Billion Acquisition of Seagen
Pfizer & Seagen
Case Study
2. The Impact
1. Our Role
1. Situation
Introduction
Execution
Wells Fargo has since regained most of its market capitalization (approximately $210 billion as of January 2022), and it remains one of the largest banks in the United States.
Recommendations
These reforms helped the bank avoid criminal prosecution and were referenced in its $3 billion settlement with the U.S. government in February 2020.
Wells Fargo’s Board of Directors report, with numerous citations to FTI Consulting’s work, was publicly issued and led to wide-ranging reforms of Wells Fargo’s internal practices.
Diagnosis
The Impact
Our forensic accounting and data analytics experts examined millions of records spread across multiple platforms, looking back a decade and a half for relevant data.
Overview
Process
Wells Fargo’s Board of Directors issued a report into Wells Fargo’s sales practices based on FTI Consulting’s and Shearman & Sterling’s findings. FTI Consulting conducted over 50 interviews and analyzed consumer bank data from millions of accounts to uncover underlying issues ranging from decentralized processes to poor corporate culture.
Result
As part of this investigation, the team met with dozens of attorneys, including Wells Fargo’s in-house counsel and several firms representing Wells Fargo. FTI Consulting’s professionals also presented findings and responded to requests from attorneys at numerous government agencies, including the SEC, civil and criminal divisions of the DOJ, and the California Attorney General’s office.
Our Role
Data Privacy
Our Role
Wells Fargo shocked the nation when it announced it had fired 5,300 employees over several years for creating millions of fake customer accounts in a cross-selling practice to meet extremely aggressive sales quotas. Decades of reputational and brand value quickly evaporated as Wells Fargo made headlines for the size and scope of the sales practices and the subsequent resignations of both its CEO and COO.
Situation
Facing one of the largest instances of alleged customer fraud in U.S. banking history, Wells Fargo’s Board of Directors engaged FTI Consulting and global law firm Shearman & Sterling to conduct an independent investigation into how these alleged events occurred and help restore the bank’s reputation and enterprise value.
FTI Consulting Insights Help Wells Fargo Reform and Recover
Wells Fargo
Case Study
3. The Impact
2. Our Role
1. Situation
Introduction
Situation
Our Role
Data Privacy
Our Role
The Impact
I don’t know
No
Yes
Ensure your playbook is ready for action.
As we have seen from many high-profile incidents, an organization is generally not criticized because a cybersecurity incident has occurred, but criticism is often leveled at the organization’s response. How an organization chooses to respond can have significant reputational and financial implications which can linger long after the cyber issue has been resolved.
Briefing on Cybersecurity Crisis Communications: Five Key Takeaways
Yes
No
Prepared companies project confidence in moments of crisis.
Having a comms process in place that mitigates reputational risk and keeps stakeholders informed is a critical first step. And that includes ensuring that your review and approvals process is streamlined. See how companies can strengthen their cybersecurity messaging and preparedness across a cyber event’s life cycle.
What to Say to Your Stakeholders When You’ve Been Hacked (...)
I don’t know
Yes
No
I don’t know
All organizations are vulnerable to cybersecurity risk.
You cannot control whether you will be the victim of a cyber attack, but you can control how to respond to one. Effective and tailored incident prevention measures can help preserve your corporate reputation, operations, critical assets and financial standing. Waiting until an incident has occurred to act is too late.
Ransomware Investigation for Aviation Engineering Company
How Counsel Can Effectively Lead Data Breach Investigations
Legal professionals act as the interlocutor between disparate technical teams — from understanding cyber insurance policies to reporting to the appropriate regulatory authorities in multiple jurisdictions. This reliance on the general counsel inevitably places significant pressure on that individual to quickly gain control of complex and technical subject matter during a time that is already typified by an extreme lack of information.
GCs are increasingly positioned at the center of cyber incidents.
I don’t know
No
Yes
I don’t know
Critical Data Breach Preparedness to Implement Now
According to FTI Consulting’s 2022 Resilience Barometer survey, for the fourth year in a row, the number of G20 companies impacted by a cyber incident increased by 6% over the prior year to 84%. Despite this increase, organizations often have outdated incident response plans, creating a disjoined approach to mitigating risk and combating threats.
Prepared companies project confidence in moments of crisis.
No
Yes
I don’t know
No
A Little Calm Goes a Long Way After a Cyber Attack
No matter how thorough your plan, collaboration is key, because the model for compliance and cybersecurity ties a variety of groups together to handle different situations. And there are a lot of elements after an attack that require cross-departmental organization, from IT to comms to your general counsel.
A well-crafted cyber readiness plan is critical. But that’s only the first step.
Yes
I don’t know
No
Yes
Does your organization have regularly tested incident response plans that are specific to different types of incidents (e.g., insider threat, ransomware, business email compromise)?
Share
Meet an Expert
Select the topics that matter to you, and get personalized insights to help you lead the way in a rapidly evolving risk landscape.
Investigation of Application Controls for a Global Financial Institution
Many organizations believe the answer to third-party cyber risk management is achieving compliance, but compliance alone does not address new threats. Cyber actors are constantly evolving and developing new attack methods, demonstrating the need for protections to also follow this more agile, evolutionary path. If you protect against what has already happened and fail to prepare for what is yet to come, you will forever be vulnerable.
GCs are expected to manage cyber risk, including from third parties.
Not Confident
Somewhat Confident
Very Confident
Not Confident
Addressing Third-Party Cyber Risk: Moving Beyond a False Sense of Security
Third-party cyber risk is a unique issue in that while most organizations are aware of the significant threat it poses, many fail to implement an adequate risk mitigation strategy. The more third parties within an organization’s digital ecosystem, the more opportunities there are for breaches to occur and for threat actors to exploit and steal or expose data. Organizations are unprepared, and there is a disconnect between having awareness of a problem and the ability to manage it.
Moving beyond a false sense of security
Somewhat Confident
Very Confident
Not Confident
Somewhat Confident
10 Cyber Risks and Realities We’re Seeing This Year — And Beyond
Third-party cyber risk is just one of many threats that GCs need to consider. Opportunity is often the driving force behind cyber attacks. Threat actors know how to seize any moment and adjust their means of attack on the fly. An industry or organization not currently in the crosshairs of a threat actor can find itself there in a heartbeat. But by creating a cybersecurity program that’s based on readiness and resilience, GCs can help position organizations to handle a variety of cyber attack types.
The threat landscape is always changing. Have you considered these risks?
Very Confident
Not Confident
Somewhat Confident
Very Confident
How confident are you in understanding your organization's third-party cybersecurity risk and the implications to your organization should a connected entity suffer an incident?
Share
Meet an Expert
Select the topics that matter to you, and get personalized insights to help you lead the way in a rapidly evolving risk landscape.
Building Effective Cybersecurity Governance
Today’s general counsel must find a way to manage risk and compliance, while ensuring efficient and cost-effective operations across their departments.
An intense digital risk landscape has placed complex demands on legal teams
Legal
Information Technology
Compliance & Risk
Legal
Nine Tips to Achieve Secure IT Infrastructure
Everything in business today involves data or creates implications for it. And as data has become the foundation for modern commerce and communication, digital risk has quite rapidly surpassed all other areas of corporate risk as the major concern.
IT is a critical first line of defense against privacy and security risks.
Information Technology
Compliance & Risk
Legal
Information Technology
A New Era of Risk: Defining Digital Insights & Risk Management
Regulatory inquiries, litigation and data subject access requests could cripple business operations logistically, financially and reputationally if organizations aren’t prepared to manage them.
Risks from unprecedented data issues have become the new imperative.
Compliance & Risk
Legal
Information Technology
What department owns digital risk
in your organization?
Share
Meet an Expert
Select the topics that matter to you, and get personalized insights to help you lead the way in a rapidly evolving risk landscape.
A Guide to Data Breach Reporting Obligations
The data privacy regulatory landscape is varied and in a perpetual state of change. Without a formalized data privacy program, missteps are easy to make when the full scope of requirements are unclear and planning is difficult when new laws may crop up at any time.
Step by step, teams can shift from being reactive to making privacy a priority.
We do not monitor this proactively
Yes, but it is ad-hoc
Yes, it is part of our formalized data privacy program
Not sure
Data Subject Requests and the GDPR: Steps to Prepare
With more than 130 data protection regulations already in place and more emerging all the time, achieving and maintaining privacy compliance has become one of the most challenging imperatives in global business today.
Evolving privacy regulations demand dedicated, proactive attention.
Yes, but it is ad-hoc
Yes, it is part of our formalized data privacy program
We do not monitor this proactively
Yes, but it is ad-hoc
The Perfect Storm: AdTech, Privacy and Digital Advertising
Data privacy is (slowly) shifting from being viewed as a burden to being embraced as a strategic enabler. At the same time, mature programs must keep pace with new areas of enforcement.
Mature data privacy programs drive enterprise value and trust.
Yes, it is part of our formalized data privacy program
Not sure
Yes, but it is ad-hoc
Yes, it is part of our formalized data privacy program
Does your organization have a process for monitoring and responding to data protection regulations as they arise and change?
Share
Meet an Expert
Select the topics that matter to you, and get personalized insights to help you lead the way in a rapidly evolving risk landscape.
Data Protection Regulations
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing & Guiding Communications
Data Protection Regulations
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing & Guiding Communications
Data Protection Regulations
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing & Guiding Communications
Data Protection Regulations
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing & Guiding Communications
Other/Don't know
A New Era of Risk: Defining Digital Insights & Risk Management
Given that the definition of digital risk is both broad and vague, it is perhaps unsurprising that ownership is also unclear. A wide range of titles are expected to manage digital risk, including chief technology officers, chief information security officers, chief information officers, chief risk officers, chief compliance officers and chief data officers.
Digital risk encompasses every aspect of how organizations collect, generate, use and store data.
Other/Don’t Know
Information Technology
Compliance & Risk
Other/Don't know
Other/Don’t Know
Other/Don’t Know
Legal
We do not monitor this proactively
Not sure
We do not monitor this proactively
Not sure
We do not monitor this proactively
Privacy and Innovation: Reflections on Recent Data Privacy Events
Privacy is a rapidly maturing field and organizations are making steady progress in establishing programs or improving maturity. A key goal should be to move beyond compliance to build data protection, transparency, trust and consumer privacy into the fabric of corporate culture and business-as-usual operations.
Data privacy risk touches many aspects of business risk and exposure.
Not sure
Yes, but it is ad-hoc
Yes, it is part of our formalized data privacy program
Compliance & Risk
All Awards
Case Studies
Hostess & Smuckers
Our Role
Diagnosis
Recommendations
Execution
Judge Corley’s opinion relied on several recent challenges to vertical mergers where judges ruled for the defendants — United States of America v. AT&T Inc., DirecTV Group Holdings, LLC, and Time Warner Inc.; Federal Trade Commission v. Meta Platforms, Inc.; and the FTC ALJ opinion in In the Matter of Illumina, Inc. and Grail, Inc. — all of which are cases where Professor Carlton served as an economic expert for the merging parties.
Execution
Recommendations
Diagnosis
The Impact
In 2022, Colonial Pipeline received the Silver Anvil Award of Excellence from the Public Relations Society of America for its communications response to the ransomware attack and navigating a national crisis.
Working in close partnership with both parties and counsel, FTI Technology’s experts and workflows significantly reduced documents from the review set for both parties. They successfully delivered an on-time, fulsome and compliant document review and investigation on behalf of MASMOVIL and Orange, which contributed to satisfying the requirements of the European Commission and the merger ultimately being approved.
Judge Corley’s opinion relied on several recent challenges to vertical mergers where judges ruled for the defendants — United States of America v. AT&T Inc., DirecTV Group Holdings, LLC, and Time Warner Inc.; Federal Trade Commission v. Meta Platforms, Inc.; and the FTC ALJ opinion in In the Matter of Illumina, Inc. and Grail, Inc. — all of which are cases where Professor Carlton served as an economic expert for the merging parties.
Execution
Recommendations
Judge Corley repeatedly referenced Professor Carlton’s testimony in her opinion criticizing the FTC expert’s analysis and acknowledged several post-transaction benefits noted in Professor Carlton’s testimony.
Due in part to Compass Lexecon’s expert testimony, the court denied the Federal Trade Commission’s (“FTC”) request for a preliminary injunction, citing a failure to demonstrate that the proposed merger would substantially restrict competition.
Microsoft’s $68.7 billion acquisition of Activision proceeded — the largest technology deal to date.
Judge Jacqueline Scott Corley repeatedly referenced Compass Lexecon’s testimony and analysis when criticizing the FTC expert’s analysis and acknowledged several post-transaction benefits.
Diagnosis
The Impact
Compass Lexecon’s economic analysis and expert testimony identified deal-specific benefits, including expanded access to Activision Blizzard’s gaming content, lower costs for gamers and increased incentives for investment in game development.
Result
Compass Lexecon expert, Professor Dennis W. Carlton, testified before the federal court that the FTC expert’s economic analysis was flawed, relied on unsupported assumptions, and failed to show that the transaction would lead to unfair competition and foreclosure of Activision Blizzard’s content from Microsoft rivals.
Process
Compass Lexecon was engaged to provide economic analysis and expert testimony on the deal’s impact on competition and procompetitive efficiencies in the gaming industry.
Overview
Our Role
In December 2022, the U.S. Federal Trade Commission (“FTC”) filed a complaint in the federal court in California to halt Microsoft’s acquisition of Activision Blizzard, citing antitrust concerns.
The FTC alleged that the deal would allow Xbox-maker Microsoft to suppress competition in the gaming industry and monopolize Activision Blizzard’s popular game titles such as World of Warcraft and Call of Duty. Microsoft and Activision Blizzard retained FTI Consulting subsidiary Compass Lexecon to respond to FTC’s complaint.
Situation
FTI Consulting subsidiary Compass Lexecon secures a landmark victory for clients Microsoft and Activision Blizzard, a leading game developer and publisher, in a highly contested vertical merger, the largest technology merger in history.
Microsoft and Activision Prevail in Landmark Merger Case
Microsoft & Activision
Case Study
The Impact
Our Role
Situation
Introduction
Hertz successfully de-fleeted approximately 200,000 vehicles, facilitating the repayment of USD$4.3 billion in debt principal and sold its Donlen business for approximately USD$875 million.
Execution
Recommendations
Judge Corley repeatedly referenced Professor Carlton’s testimony in her opinion criticizing the FTC expert’s analysis and acknowledged several post-transaction benefits noted in Professor Carlton’s testimony.
In September 2023, Hostess Brands successfully announced its acquisition by The J.M. Smucker Company for approximately $5.6 billion.
Transaction risks were mitigated by FTI Consulting’s comprehensive leak strategy, preparation and strong media relationships.
Seamless coordination of communications on the day of the transaction ensured correct and impactful cadence.
Hostess analyst and media engagement resulted in 640 total articles published and the team fielded more than 20 direct media inquiries.
Diagnosis
The Impact
FTI Consulting’s team of experts managed diligence activities and communications with financial and legal advisors and provided a temporary senior-level accounting resource, among other activities.
Result
FTI Consulting assisted with cash forecasting and liquidity management; oversaw vendor- and supplier-related matters; and prepared a quality-of-earnings report for the sale of Hertz’s Donlen subsidiary.
Process
FTI Consulting developed and prepared a leak response plan. When the acquisition did leak via a Reuters article, FTI Consulting executed the response plan, helping to manage media inquiries and internal and external responses to the leak.
FTI Consulting played a critical role in the organization and execution of the deal announcement. The team developed stakeholder materials and first drafts so that when a buyer was chosen, the team could move as quickly as possible.
After learning of the buyer, FTI Consulting’s team coordinated with the counterparty and advisor teams to manage the full communication rollout process, adjusted and finalized stakeholder documents, supported Hostess with transaction logistics, and fielded both internal and external inquiries post-announcement.
Overview
Our Role
Hostess Brands, a leading sweet snacks company with iconic brands like Twinkies, Ding Dongs, Donettes, and Voortman, partnered with FTI to navigate communications around its transaction process, ultimately resulting in its acquisition by The J.M Smucker Co. for approximately $5.6 billion. FTI Consulting was initially retained due to increased leak risk related to a potential transaction. As Hostess ran a process and more parties became privy to a potential deal, the risk of a leak increased exponentially.
Situation
Hostess Brands, a leading sweet snacks company with iconic brands like Twinkies, Ding Dongs, Donettes and Voortman, partnered with FTI Consulting to navigate communications around its transaction process, ultimately resulting in its acquisition by The J.M Smucker Co. for approximately $5.6 billion. FTI Consulting was initially retained due to increased leak risk related to a potential transaction. As Hostess ran a process and more parties became privy to a potential deal, the risk of a leak increased exponentially.
Navigating Hostess Brands’ $5.6 billion acquisition by The J.M Smucker Company
Hostess & Smuckers
Case Study
The Impact
Our Role
Situation
Introduction
Hertz successfully de-fleeted approximately 200,000 vehicles, facilitating the repayment of USD$4.3 billion in debt principal and sold its Donlen business for approximately USD$875 million.
Execution
Recoveries from the Madoff Recovery Initiative far exceed similar efforts related to prior Ponzi schemes both in terms of dollar value and percentage of stolen funds recovered.³
On December 14, 2023, Pfizer completed its $43 billion acquisition of Seagen – the largest M&A deal in biopharma since 2019. The deal closed after merger reviews by competition authorities around the world. A global Compass Lexecon team comprised of personnel in the U.S., Europe, and Singapore provided economic analysis and logistical support throughout the regulatory review process.
The Impact
With the Trustee, the teams investigated more than 16,500 claims, ultimately allowing more than 2,600.
Provided litigation support, including serving as expert witnesses, for more than 1,000 lawsuits, including two actions that reached the Supreme Court of the United States.
Result
The teams reconstructed books and records, determined amounts deposited and withdrawn from thousands of customer accounts and analyzed hundreds of millions of transactions.
Process
In the U.S., a Compass Lexecon team led by Nathan Wilson supported counsel through the HSR process, developing economic evidence that showed the proposed merger would not harm competition while also aiding in the process of successfully complying with the FTC’s second request. In Europe, a Compass Lexecon team supported counsel throughout the European Commission’s Phase 1 investigation.
Nathan Wilson was supported by a team that included Erica Benton, Ian MacSwain, Allan Zhang, Alexander Collison, Showroop Pokhrel and Josh Li. In Europe, Rameet Sangha and Kirsten Edwards-Warren were supported by a team that included Florian Mockel, Aiden Lo, Conor Duggan, and James Forster.
Compass Lexecon worked closely with Debbie Feinstein, Matt Tabas, Niels Ersbøll, and John Schmidt of Arnold & Porter; and Samantha Hynes, Florence Kuhl, and Caroline Black of Sullivan & Cromwell.
Overview
Our Role
In December 2008, Bernie Madoff admitted that the Investment Advisory business within his firm was a Ponzi scheme, setting off his arrest and a chain reaction of events throughout the financial services world and philanthropic communities.¹
A Trustee under the Securities Investor Protection Act was appointed to liquidate Madoff’s firm and to recover the proceeds from his Ponzi scheme.²
Situation
Compass Lexecon helped provide evidence showing that a proposed merger between Seagen and Pfizer would not harm economic competition and helped the client successfully comply with a second request from the FTC.
Pfizer Completes $43 Billion Acquisition of Seagen
Pfizer & Seagen
Case Study
The Impact
Our Role
Situation
Introduction
Wells Fargo has since regained most of its market capitalization (approximately $210 billion as of January 2022), and it remains one of the largest banks in the United States.
Execution
These reforms helped the bank avoid criminal prosecution and were referenced in its $3 billion settlement with the U.S. government in February 2020.
Recommendations
Wells Fargo’s Board of Directors report, with numerous citations to FTI Consulting’s work, was publicly issued and led to wide-ranging reforms of Wells Fargo’s internal practices.
Diagnosis
The Impact
As part of this investigation, the team met with dozens of attorneys, including Wells Fargo’s in-house counsel and several firms representing Wells Fargo. FTI Consulting’s professionals also presented findings and responded to requests from attorneys at numerous government agencies, including the SEC, civil and criminal divisions of the DOJ, and the California Attorney General’s office.
Result
Wells Fargo’s Board of Directors issued a report into Wells Fargo’s sales practices based on FTI Consulting’s and Shearman & Sterling’s findings. FTI Consulting conducted over 50 interviews and analyzed consumer bank data from millions of accounts to uncover underlying issues ranging from decentralized processes to poor corporate culture.
Process
Our forensic accounting and data analytics experts examined millions of records spread across multiple platforms, looking back a decade and a half for relevant data.
Overview
Our Role
Wells Fargo shocked the nation when it announced it had fired 5,300 employees over several years for creating millions of fake customer accounts in a cross-selling practice to meet extremely aggressive sales quotas. Decades of reputational and brand value quickly evaporated as Wells Fargo made headlines for the size and scope of the sales practices and the subsequent resignations of both its CEO and COO. FTI Consulting and Shearman & Sterling were retained by a special committee of Wells Fargo’s Board of Directors to conduct an independent investigation and give the Board of Directors more clarity on what happened and the actions to take going forward to restore credibility with impacted stakeholders.
Situation
Facing one of the largest instances of alleged customer fraud in U.S. banking history, Wells Fargo’s Board of Directors engaged FTI Consulting and global law firm Shearman & Sterling to conduct an independent investigation into how these alleged events occurred and help restore the bank’s reputation and enterprise value.
FTI Consulting Insights
Help Wells Fargo Reform
and Recover
Wells Fargo
Case Study
The Impact
Our Role
Situation
Introduction
Microsoft & Activision
MASMOVIL & Orange
Pfizer & Seagen
Wells Fargo
Microsoft & Activision
Select a Case Study
MASMOVIL & Orange
Hostess & Smuckers
Pfizer & Seagen
Wells Fargo
Cybersecurity & Data Privacy
Safeguarding Through Crises
Cybersecurity & Data Privacy
Safeguarding Through Crises
Select a Topic
View All General Counsel Insights
Read More
Cyber risks and threats related to advanced technologies such as artificial intelligence, blockchain, cryptocurrency and metaverse en...
The GC and ESG: From Great Risk Comes Great Opportunity
Read More
The first 48 hours of a corporate crisis presents a complex web of risk and challenges for the general counsel ("GC").
Missteps the GC Should Avoid in the First 48 Hours of a Crisis
Read More
In-house counsel should coordinate inside leaders and outside advisors to respond to a crisis. But they also have a role in longer-term response.
More Than Mere Survival: The GC’s Role in Moving Beyond Crisis
Read More
Regardless of scale, every company stands to experience a crisis sooner or later. The difference between survival and extinction often boils down to how effectively the company can react and how it handles the fallout.
Preparing for the Inevitable Black Swan
Read More
On June 15, 2023, FTI Consulting and WSJ Custom Events invited Deputy Attorney General Lisa Monaco to speak on the general counsel’s role as...
When the Black Swan Comes From Within
High-profile cybersecurity and data privacy threats are pervasive and sophisticated. Explore our insights discovery tool to get personalized recommendations on how you can safeguard privacy, maintain governance, ensure regulatory compliance and protect against bad actors.
Meet an Expert
Share
Incident Response Plans
Incident Response Plans
Managing & Guiding Communications
Select a Topic
Managing & Guiding Communications
Third-Party Security Risk
Digital Risk
Data Protection Regulations
Third-Party Security Risk
Digital Risk
Data Protection Regulations
Data Protection Regulations
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing & Guiding Communications
Data Protection Regulations
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing & Guiding Communications
Select a Topic
Share
Meet an Expert
Data Protection Regulations
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing & Guiding Communications
Data Protection Regulations
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing & Guiding Communications
Select a Topic
Share
Meet an Expert
Data Protection Regulations
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing & Guiding Communications
Data Protection Regulations
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing & Guiding Communications
Select a Topic
Share
Meet an Expert
Data Protection Regulations
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing & Guiding Communications
Data Protection Regulations
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing & Guiding Communications
Select a Topic
Share
Meet an Expert
I don't know
No
Yes
Ensure your playbook is ready for action.
As we have seen from many high-profile incidents, an organization is generally not criticized because a cybersecurity incident has occurred, but criticism is often levelled at the organization’s response. How an organisation chooses to respond can have significant reputational and financial implications which can sustain long after the cyber issue has been resolved.
Briefing on Cybersecurity Crisis Communications: Five Key Takeaways
I don't know
Yes
What to Say to Your Stakeholders When You’ve Been Hacked (Hint: Don’t Say ‘Hacked’)
Having a comms process in place that mitigates reputational risk and keeps stakeholders informed is a critical first step. And that includes ensuring that your review and approvals process is streamlined. See how companies can strengthen their cybersecurity messaging and preparedness across a cyber event’s life cycle.
Prepared companies project confidence in moments of crisis.
No
No
Ransomware Investigation for Aviation Engineering Company
You cannot control if you will be the victim of a cyber attack or not, but you can control how to respond to one. Effective and tailored incident prevention measures can help preserve your corporate reputation, operations, critical assets and financial standing. Waiting until an incident has occurred to act is too late.
All organizations are vulnerable to cybersecurity risk.
I don't know
Yes
How Counsel Can Effectively Lead Data Breach Investigations
Legal professionals act as the interlocutor between disparate technical teams — from understanding cyber insurance policies to reporting to the appropriate regulatory authorities in multiple jurisdictions. This reliance on the general counsel inevitably places significant pressure on that individual to quickly gain control of complex and technical subject matter during a time that is already typified by an extreme lack of information.
GCs are increasingly positioned at the center of cyber incidents.
I don't know
No
Yes
I don't know
Critical Data Breach Preparedness to Implement Now
According to FTI Consulting’s 2022 Resilience Barometer survey, for the fourth year in a row, the number of G20 companies impacted by a cyber incident increased by 6% over the prior year to 84%. Despite this increase, organizations often have outdated incident response plans, creating a disjoined approach to mitigating risk and combating threats.
Prepared companies project confidence in moments of crisis.
No
Yes
I don't know
No
A Little Calm Goes a Long Way After a Cyber Attack
No matter how thorough your plan, collaboration is key, because the model for compliance and cybersecurity ties a variety of groups together to handle different situations. And there are a lot of elements after an attack that require cross-departmental organization, from IT to comms to your general counsel.
A well-crafted cyber readiness plan is critical. But that’s only the first step.
Yes
I don't know
No
Yes
Does your organization have regularly tested incident response plans that are specific to different types of incidents (e.g., insider threat, ransomware, business email compromise)?
Investigation of Application Controls for a
Global Financial Institution
Many organizations believe the answer to third-party cyber risk management is achieving compliance, but compliance alone does not address new threats. Cyber actors are constantly evolving and developing new attack methods, demonstrating the need for protections to also follow this more agile, evolutionary path. If you protect against what has already happened and fail to prepare for what is yet to come, you will forever be vulnerable.
GCs are expected to manage cyber risk, including from third parties.
Not Confident
Somewhat Confident
Very Confident
Not Confident
Addressing Third-Party Cyber Risk: Moving Beyond a False Sense of Security
Third-party cyber risk is a unique issue in that while most organizations are aware of the significant threat it poses, many fail to implement an adequate risk mitigation strategy. The more third parties within an organization’s digital ecosystem, the more opportunities there are for breaches to occur and for threat actors to exploit and steal or expose data. Organizations are unprepared, and there is a disconnect between having awareness of a problem and the ability to manage it.
Moving beyond a false sense of security.
Somewhat Confident
Very Confident
Not Confident
Somewhat Confident
10 Cyber Risks and Realities We’re Seeing
This Year — And Beyond
Third-party cyber risk is just one of many threats that GCs need to consider. Opportunity is often the driving force behind cyber attacks. Threat actors know how to seize any moment and adjust their means of attack on the fly. An industry or organization not currently in the crosshairs of a threat actor can find itself there in a heartbeat. But by creating a cybersecurity program that’s based on readiness and resilience, GCs can help position organizations to handle a variety of cyber attack types.
The threat landscape is always changing. Have you considered these risks?
Very Confident
Not Confident
Somewhat Confident
Very Confident
How confident are you in understanding your organization's third-party cybersecurity risk and the implications to your organization should a connected entity suffer an incident?
Building Effective Cybersecurity Governance
Today’s general counsel must find a way to manage risk and compliance, while ensuring efficient and cost-effective operations across their departments.
An intense digital risk landscape has placed complex demands on legal teams
Legal
Information Technology
Compliance & Risk
Legal
Nine Tips to Achieve Secure IT Infrastructure
Everything in business today involves data or creates implications for it. And as data has become the foundation for modern commerce and communication, digital risk has quite rapidly surpassed all other areas of corporate risk as the major concern.
IT is a critical first line of defense against privacy and security risks.
Information Technology
Compliance & Risk
Legal
Information Technology
A New Era of Risk: Defining Digital
Insights & Risk Management
Regulatory inquiries, litigation and data subject access requests could cripple business operations logistically, financially and reputationally if organizations aren’t prepared to manage them.
Risks from unprecedented data issues have become the new imperative.
Compliance & Risk
Legal
Information Technology
Compliance & Risk
What department owns digital risk in your organization?
A Guide to Data Breach Reporting Obligations
The data privacy regulatory landscape is varied and in a perpetual state of change. Without a formalized data privacy program, missteps are easy to make when the full scope of requirements are unclear and planning is difficult when new laws may crop up at any time.
Step by step, teams can shift from being reactive to making privacy a priority.
We do not monitor this proactively
Yes, but it is ad-hoc
Yes, is is part of our formalized data privacy program
We do not monitor this proactively
Data Subject Requests and the GDPR: Steps to Prepare
With more than 130 data protection regulations already in place and more emerging all the time, achieving and maintaining privacy compliance has become one of the most challenging imperatives in global business today.
Evolving privacy regulations demand dedicated, proactive attention.
Yes, but it is ad-hoc
Yes, is is part of our formalized data privacy program
We do not monitor this proactively
Yes, but it is ad-hoc
The Perfect Storm: AdTech, Privacy and Digital Advertising
Data privacy is (slowly) shifting from being viewed as a burden to being embraced as a strategic enabler. At the same time, mature programs must keep pace with new areas of enforcement.
Mature data privacy programs drive enterprise value and trust.
Yes, is is part of our formalized data privacy program
We do not monitor this proactively
Yes, but it is ad-hoc
Yes, is is part of our formalized data privacy program
Does your organization have a process for monitoring and responding to data protection regulations as they arise and change?
Ransomware Investigation for Aviation Engineering Company
You cannot control whether you will be the victim of a cyber attack, but you can control how to respond to one. Effective and tailored incident prevention measures can help preserve your corporate reputation, operations, critical assets and financial standing. Waiting until an incident has occurred to act is too late.
All organizations are vulnerable to cybersecurity risk.
I don't know
No
Yes
I don't know
What to Say to Your Stakeholders When You’ve Been Hacked (Hint: Don’t Say ‘Hacked’)
Having a comms process in place that mitigates reputational risk and keeps stakeholders informed is a critical first step. And that includes ensuring that your review and approvals process is streamlined. See how companies can strengthen their cybersecurity messaging and preparedness across a cyber event’s life cycle.
Prepared companies project confidence in moments of crisis.
No
Yes
I don't know
No
Briefing on Cybersecurity Crisis Communications: Five Key Takeaways
As we have seen from many high-profile incidents, an organization is generally not criticized because a cybersecurity incident has occurred, but criticism is often leveled at the organization’s response. How an organization chooses to respond can have significant reputational and financial implications which can linger long after the cyber issue has been resolved.
Ensure your playbook is ready for action.
Yes
I don't know
No
Yes
Does your organization have a process for managing and guiding communications in the event of a cybersecurity incident?
Data Protection Regulations
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing & Guiding Communications
Data Protection Regulations
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing & Guiding Communications
Select a Topic
Share
Meet an Expert
Does your organization have a process for managing and guiding communications in the event of a cybersecurity incident?
Other/Don’t Know
Other/Don't know
Other/Don’t Know
Other/Don’t Know
Legal
A New Era of Risk: Defining Digital Insights & Risk Management
Given that the definition of digital risk is both broad and vague, it is perhaps unsurprising that ownership is also unclear. A wide range of titles are expected to manage digital risk, including chief technology officers, chief information security officers, chief information officers, chief risk officers, chief compliance officers and chief data officers.
Digital risk encompasses every aspect of how organizations collect, generate, use and store data.
Other/Don’t Know
Information Technology
Compliance & Risk
Not sure
Not sure
Not sure
Not sure
We do not monitor this proactively
Privacy and Innovation: Reflections on Recent Data Privacy Events
Privacy is a rapidly maturing field and organizations are making steady progress in establishing programs or improving maturity. A key goal should be to move beyond compliance to build data protection, transparency, trust and consumer privacy into the fabric of corporate culture and business-as-usual operations.
Data privacy risk touches many aspects of business risk and exposure.
Not sure
Yes, but it is ad-hoc
Yes, is is part of our formalized data privacy program
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing & Guiding Communications
Select the topic that is top of mind for you, then tell us where you are on your journey to receive a personalized reading recommendation:
Share
Meet an Expert
Data Protection Regulations
How do your cybersecurity and data privacy strategies stack up?
Case Studies
Jordan Rae Kelly, Senior Managing Director, Head of Cybersecurity, Americas, discusses why GCs need to prepare for a cybersecurity incident.
Steps GCs Can Take to Be Smart on Cybersecurity
Meredith Griffanti, Strategic Communications Global Head of Cybersecurity & Data Privacy Communications, outlines why the General Counsel is pivotal in an incident response situation.
Data Privacy & Cybersecurity for the GC Community
FTI Consulting and Shearman & Sterling were retained by a special committee of Wells Fargo’s Board of Directors to conduct an independent investigation and give the Board of Directors more clarity on what happened and the actions to take going forward to restore credibility with impacted stakeholders.
¹ Securities and Exchange Commission v. Bernard L. Madoff, U.S. District Court S.D.N.Y. (Dec. 11, 2008).
² Securities and Exchange Commission v. Bernard L. Madoff, U.S. District Court S.D.N.Y. (Dec. 15, 2008).
¹ Aaron Katersky, “More funds recovered for victims of Bernie Madoff,” ABC News web site (Dec. 9, 2022).
Execution
Luckin Coffee was delisted from Nasdaq and agreed to pay a USD$180 million penalty to the U.S. Securities and Exchange Commission³ in addition to reaching a USD$175 million settlement of shareholder class action claims.⁴
Recommendations
Documentary evidence confirmed that Luckin Coffee’s Chief Executive Officer, Chief Operating Officer and certain employees reporting to them actively participated in the creation of the fabricated transactions and attempts to hide them. Their employment was ultimately terminated.²
The Special Committee, Kirkland & Ellis and FTI Consulting were able to establish that the fabrication of transactions commenced in April 2019, and as a result Luckin Coffee’s net revenue was overstated by approximately RMB2.12 billion.¹
Diagnosis
The Impact
Over the course of the Investigation, the Special Committee, Kirkland & Ellis and FTI Consulting reviewed over 550,000 documents collected from over 60 custodians, interviewed over 60 witnesses, and performed extensive forensic accounting and data analytics testing.¹
Data & Analytics
Investigations & Monitorships
TBC
E-Discovery & Managed Review
TBC
Our Role
Data Privacy
Our Role
Luckin Coffee continued to grow rapidly and expanded to more than 4,000 stores by 2020.
Luckin Coffee promoted itself as a technology-based domestic rival to Starbucks, bringing different business models and concepts to the coffee chain industry. After its maiden fundraising round the startup was valued at US$1billion making it one of the quickest firms to reach ‘unicorn’ status in China.¹
Situation
When short-sellers alleged Luckin Coffee Inc., a US listed China-based company founded in 2017, of accounting fraud and employee misconduct, discredited public disclosures and questioned the overall health of the business, FTI Consulting was engaged by a Special Committee of the Board of Directors of Luckin Coffee as an independent forensic accounting expert to assist in an independent investigation into the allegations.¹
Trouble Brewing: Helping Luckin Coffee Uncover Fraud
Luckin Coffee
Case Study
3. The Impact
2. Our Role
1. Situation
Introduction
Luckin Coffee was delisted from Nasdaq and agreed to pay a USD$180 million penalty to the U.S. Securities and Exchange Commission³ in addition to reaching a USD$175 million settlement of shareholder class action claims.⁴
Execution
Documentary evidence confirmed that Luckin Coffee’s Chief Executive Officer, Chief Operating Officer and certain employees reporting to them actively participated in the creation of the fabricated transactions and attempts to hide them. Their employment was ultimately terminated.²
Recommendations
The Special Committee, Kirkland & Ellis and FTI Consulting were able to establish that the fabrication of transactions commenced in April 2019, and as a result Luckin Coffee’s net revenue was overstated by approximately RMB2.12 billion.¹
Diagnosis
The Impact
Over the course of the Investigation, the Special Committee, Kirkland & Ellis and FTI Consulting reviewed over 550,000 documents collected from over 60 custodians, interviewed over 60 witnesses, and performed extensive forensic accounting and data analytics testing.¹
Data & Analytics
Our Role
Luckin Coffee promoted itself as a technology-based domestic rival to Starbucks, bringing different business models and concepts to the coffee chain industry. After its maiden fundraising round the startup was valued at US$1billion making it one of the quickest firms to reach ‘unicorn’ status in China.¹
Luckin Coffee continued to grow rapidly and expanded to more than 4,000 stores by 2020.
An anonymous short-selling report cited by Muddy Waters alleged that Luckin Coffee was involved in an elaborate accounting fraud.² Luckin Coffee’s Board of Directors formed a Special Committee to undertake an independent investigation of the allegations. The Special Committee engaged Kirkland & Ellis as its legal advisor and FTI Consulting as its independent forensic accounting expert.³
Situation
When short-sellers alleged Luckin Coffee Inc., a US listed China-based company founded in 2017, of accounting fraud and employee misconduct, discredited public disclosures and questioned the overall health of the business, FTI Consulting was engaged by a Special Committee of the Board of Directors of Luckin Coffee as an independent forensic accounting expert to assist in an independent investigation into the allegations.¹
Trouble Brewing: Helping Luckin Coffee Uncover Fraud
Luckin Coffee
Case Study
The Impact
Our Role
Situation
Introduction
Luckin Coffee
Luckin Coffee
¹ Luckin Coffee Announces Formation of Independent Special Committee and Provides Certain Information Related to Ongoing Internal Investigation
An anonymous short-selling report cited by Muddy Waters alleged that Luckin Coffee was involved in an elaborate accounting fraud.² Luckin Coffee’s Board of Directors formed a Special Committee to undertake an independent investigation of the allegations. The Special Committee engaged Kirkland & Ellis as its legal advisor and FTI Consulting as its independent forensic accounting expert.³
¹ Luckin Coffee's journey from hot startup to $5billion share wipeout
² Luckin Coffee's journey from hot startup to $5billion share wipeout
³ Luckin Coffee Announces Formation of Independent Special Committee and Provides Certain Information Related to Ongoing Internal Investigation
¹ Luckin Announces the Substantial Completion of the Internal Investigation
¹ Luckin Announces the Substantial Completion of the Internal Investigation
² Luckin Announces the Substantial Completion of the Internal Investigation
³ https://www.sec.gov/news/press-release/2020-319
⁴ Luckin Coffee in $175 million class action settlement over accounting fraud
¹ Securities and Exchange Commission v. Bernard L. Madoff, U.S. District Court S.D.N.Y. (Dec. 11, 2008).
² Securities and Exchange Commission v. Bernard L. Madoff, U.S. District Court S.D.N.Y. (Dec. 15, 2008).
³ Aaron Katersky, “More funds recovered for victims of Bernie Madoff,” ABC News web site (Dec. 9, 2022).
¹ Luckin Coffee Announces Formation of Independent Special Committee and Provides Certain Information Related to Ongoing Internal Investigation
¹ Luckin Coffee's journey from hot startup to $5billion share wipeout
² Luckin Coffee's journey from hot startup to $5billion share wipeout
³ Luckin Coffee Announces Formation of Independent Special Committee and Provides Certain Information Related to Ongoing Internal Investigation
¹ Luckin Announces the Substantial Completion of the Internal Investigation
¹ Luckin Announces the Substantial Completion of the Internal Investigation
² Luckin Announces the Substantial Completion of the Internal Investigation
³ https://www.sec.gov/news/press-release/2020-319
⁴ Luckin Coffee in $175 million class action settlement over accounting fraud
White Collar Crime
Read More
While corporations are beefing up governance and internal controls to comply with the Foreign Corrupt Practices Act and mitigate bribery activity, many of the processes are still manual, onerous and inefficient.
How Can Artificial Intelligence Help Tackle Bribery Payments?
Read More
The general counsel (“GC”) is no stranger to the problem of white-collar crime. The stakes have risen as rapidly evolving technology such as artificial intelligence (“AI”), digital assets and the virtual world...
Future-Proofing White-Collar Crime Defenses
Read More
The ever-growing catalog of sanctions from federal agencies can trip up any organization. Even the most diligent companies can go astray.
Watch Out for These "Hidden" Sanctions Traps
Read More
The Department of Justice is pushing companies to police themselves, voluntarily report misconduct and improve compliance programs. The silver lining? Companies that implement strong compliance progra...
Carrots and Sticks: Understanding the DOJ’s New Voluntary Self-Disclosure Policy
The Expert Briefing with FTI Cybersecurity
Read More
European and UK regulators are increasingly focusing on the financial crime risks within the payments sector.
All of these call on payments institutions, electronic money institutions (“EMIs”) and registered account informational service providers to do more to protect customers’ funds and the integrity of the financial system.
Payment Firms Under the Microscope — Do Your Financial Crime Controls Stand Up to Regulatory Scrutiny?
View All General Counsel Insights
Adam Berry, Senior Managing Director within our Data & Analytics segment and Nicole Wells, Senior Managing Director and Leader of Risk & Investigations discuss.
Leveraging Data & Compliance for
Pre-Merger Antitrust Diligence
Steve McNew, Global Leader of Blockchain and Digital Assets, talks about what acquirers need to think about ahead of the deal.
Opportunities and Risks for M&A in the Crypto Industry
Alex Deane, Head of UK Public Affairs, explains why political due diligence is such a vital part of the M&A process.
M&A and Political
Due Diligence
Adam Berry, Senior Managing Director within our Data & Analytics segment and Nicole Wells, Senior Managing Director and Leader of Risk & Investigations discuss.
Leveraging Data & Compliance for
Pre-Merger Antitrust Diligence
White Collar Crime
White Collar Crime
View All General Counsel Insights
Read More
As ESG standards evolve, so too does the role of the general counsel, with many already in charge of identifying and tracking certain corporate ESG performance metrics.
How Can Artificial Intelligence Help Tackle Bribery Payments?
Read More
The general counsel (“GC”) is no stranger to the problem of white-collar crime. The stakes have risen as rapidly evolving technology such as artificial intelligence (“AI”), digital assets and the virtual world have introduced new methods of...
Future-Proofing White-Collar Crime Defenses
Read More
The ever-growing catalog of sanctions from federal agencies can trip up any organization. Even the most diligent companies can go astray.
Watch Out for These ‘Hidden’ Sanctions Traps
Read More
The Department of Justice is pushing companies to police themselves, voluntarily report misconduct and improve compliance programs. The silver lining? Companies that implement str...
Carrots and Sticks: Understanding the DOJ’s New Voluntary Self-Disclosure Policy
Read More
Social and technological changes have elevated the amount of potential harm a rogue employee can do. Knowing the best approach to take can minimize the fallout and even mitigate future risks.
Payment Firms Under the Microscope – Do Your Financial Crime Controls Stand Up to Regulatory Scrutiny?
All Awards
How can companies manage complex data to meet procedural obligations? Senior Managing Director Ashley Brickles discusses what firms can do to be successful.
Handling Data Complexities in Merger Clearance
Meredith Griffanti, Strategic Communications Global Head of Cybersecurity & Data Privacy Communications, outlines why the General Counsel is pivotal in an incident response situation.
Data Privacy & Cybersecurity for the GC Community
How can companies manage complex data to meet procedural obligations? Senior Managing Director Ashley Brickles discusses what firms can do to be successful.
Handling Data Complexities in Merger Clearance
Jordan Rae Kelly, Senior Managing Director, Head of Cybersecurity, Americas, discusses why GCs need to prepare for a cybersecurity incident.
Steps GCs Can Take to Be Smart on Cybersecurity
David Dunn, Senior Managing Director and Head of EMEA Cybersecurity at FTI Consulting, talks about the importance for PE firms of thinking about cybersecurity across the entire investment lifecycle.
Expert Perspective — Cybersecurity and Private Equity
Andrew Szwez, Senior Managing Director at FTI Consulting, discusses second requests from the Federal Trade Commission ("FTC") or the Department of Justice ("DOJ") during their review of mergers or acquisitions and how they can be managed efficiently and defensibly.
Anatomy of a Second
Request
M&A AND ANTITRUST
View All General Counsel Insights
Read More
While corporations are beefing up governance and internal controls to comply with the Foreign Corrupt Practices Act and mitigate bribery activity, many of the processes are still manual, onerous and inefficient.
How Can Artificial Intelligence Help Tackle Bribery Payments?
Read More
The general counsel (“GC”) is no stranger to the problem of white-collar crime. The stakes have risen as rapidly evolving technology such as artificial intelligence (“AI”), digital assets and the virtual world...
Future-Proofing White-Collar Crime Defenses
Read More
Few things can incite more stress and urgency for general counsel and compliance teams than a Hart-Scott-Rodino (“HSR”) second request. Second requests are comparable to a crisis event, spurring the need for transacting parties to process, review and produce large quantities of documents to regulators in a matter of only weeks or months. The timing, costs and overall success of a deal can hinge on an organization’s ability to properly comply with related merger clearance investigations across jurisdictions. What can GCs expect when pursuing M&A in this environment?
How General Counsel Can Navigate Merger Scrutiny and Protect Deals
Read More
Traditional due diligence programs account for financial, commercial and operational inquiries. Keeping pace in today’s digital age, however, requires that investors go beyond the scope of conventional diligence and ensure that risks posed by cybersecurity issues are adequately considered and actioned appropriately. By identifying and mitigating risks in advance, the acquiring company gains assurance around the value of their investment, while the acquired company is given the opportunity to remediate vulnerabilities identified throughout the process — safeguarding their valuation and remaining an attractive investment prospect.
The Importance of Cybersecurity M&A Due Diligence
The Expert Briefing with FTI Cybersecurity
Read More
It now seems accepted wisdom among informed observers that as goes PE, so goes M&A. But PE firms will experience a new set of challenges as they bring their liquidity — as well as their innovation — into the market. Unfamiliar and increasingly complex regulatory, compliance and reporting issues add to strategic considerations firms will now have to make. Furthermore, managing different kinds of communications with stakeholders — both required and voluntary — and attending to government affairs at both the federal and the state level may place added focus on the strategic role of General Counsel (“GC”) and in-house legal teams that have traditionally managed these details for PE firms as they seek further advantage and returns in the M&A market.
Navigating PE Success in a New M&A Landscape
Overview
M&A and Antitrust
M&A and Antitrust
View All General Counsel Insights
Read More
While corporations are beefing up governance and internal controls to comply with the Foreign Corrupt Practices Act and mitigate bribery activity, many of the processes are stil...
How Can Artificial Intelligence Help Tackle Bribery Payments?
Read More
The general counsel (“GC”) is no stranger to the problem of white-collar crime. The stakes have risen as rapidly evolving technology such as artificial intelligence (“AI”), digital assets and the virtual world have introduced new methods of...
Future-Proofing White-Collar Crime Defenses
Read More
Few things can incite more stress and urgency for general counsel and compliance teams than a Hart-Scott-Rodino (“HSR”) second request. Second requests are comparable to a crisis event, spurring the need for transacting parties to process, review and produce large quantities of documents to regulators in a matter of only weeks or months. The timing, costs and overall success of a deal can hinge on an organization’s ability to properly comply with related merger clearance investigations across jurisdictions. What can GCs expect when pursuing M&A in this environment?
How General Counsel Can Navigate Merger Scrutiny and Protect Deals
Read More
Traditional due diligence programs account for financial, commercial, and operational inquiries. Keeping pace in today’s digital age, however, requires that investors go beyond the scope of conventional diligence and ensure that risks posed by cybersecurity issues are adequately considered and actioned appropriately. By identifying and mitigating risks in advance, the acquiring company gains assurance around the value of their investment, while the acquired company is given the opportunity to remediate vulnerabilities identified throughout the process – safeguarding their valuation and remaining an attractive investment prospect.
The Importance of Cybersecurity M&A Due Diligence
Read More
European and UK regulators are increasingly focusing on the financial crime risks within the payments sector. All of these call on payments institutions, electronic money institutions (“EMIs...
Navigating PE Success in a New M&A Landscape
Alex Deane, Head of UK Public Affairs, explains why political due diligence is such a vital part of the M&A process.
M&A and Political
Due Diligence
Mike Driscoll, Senior Managing Director, Cybersecurity, on the tools, methods and technology that are changing the nature of white-collar fraud — and how companies can get ahead of the challenge to maintain a secure environment.
Cybersecurity and White-Collar Crime
Tom Becker, Senior Managing Director, US Crisis Communication outlines the first steps a GC needs to take when a crisis occurs, and how to use a crisis to improve a company.
How a GC Can Turn a Challenge Into an Opportunity