The Modern General Counsel
The role of the modern General Counsel has evolved in both scope and prominence. As vital legal and business advisors, today’s General Counsel are leading the charge in navigating an increasingly complex macroeconomic, regulatory and geopolitical environment.
lead the way
Featured Insights
When the Black Swan Comes From Within
Social and technological changes have elevated the amount of potential harm a rogue employee can do. Knowing the best approach to take can minimize the fallout and even mitigate future risks.
Read More
More Than Mere Survival: The GC’s Role in Moving Beyond Crisis
Read More
In-house counsel should coordinate inside leaders and outside advisors to respond to a crisis. But they also have a role in longer-term response.
Sign up for The Modern General Counsel Executive Newsletter
Subscribe Now
Missteps the GC Should Avoid in the First 48 Hours of a Crisis
Read More
The first 48 hours of a corporate crisis presents a complex web of risk and challenges for the general counsel (GC).
The GC and ESG: From Great Risk Comes Great Opportunity
Read More
As ESG standards evolve, so too does the role of the general counsel, with many already in charge of identifying and tracking certain corporate ESG performance metrics.
Preparing for the Inevitable Black Swan
Read More
The Expert Briefing with FTI Cybersecurity
FTI Consulting is the firm General Counsel call on when their most important issues are at stake.
Advisor to 99 of the world’s 100 largest law firms
Adviser to 99 of the world’s top 100 law firms
High-profile cybersecurity and data privacy threats are pervasive and sophisticated. Explore our insights discovery tool to get personalized recommendations on how you can safeguard privacy, maintain governance, ensure regulatory compliance and protect against bad actors.
Get Started
82 of the Fortune 100 corporations are clients
82 of Fortune 100 companies are clients
Advisor to the world’s top 50 banking holding companies
Advisor to 50 of the top 100 private equity firms on the PEI 300 list
Adviser to 50 of the top 100 private equity firms on the Private Equity International 300 list.
7,600 Employees worldwide
Employees worldwide (as of April 2023)
Offices in 85 cities across the globe
Offices in 83 cities across the globe (as of April 2023)
All Awards
View All General Counsel Insights
Mitigating Risk and
Building Resilience
The role of the General Counsel is most visible when a company is facing pivotal value creation or destruction – times of major opportunities, such as a megamerger or regulatory approval to bring an innovation to market, and times of crisis, such as a cyber breach or internal investigation. At moments of crises and opportunities, it is important that the General Counsel has a trusted partner with the expertise and experience to help lead the way.
How do your cybersecurity
and data privacy strategies stack up?
Select the topic that is top of mind for you, then tell us where you are on your journey to receive a personalized reading recommendation:
Managing & Guiding Communications
Incident Response Plans
Third-Party Security Risk
Select the topics that matter to you, and get personalized insights to help you lead the way in a rapidly evolving risk landscape.
Does your organization have a process for managing and guiding communications in the event of a cybersecurity incident?
Yes
No
I don’t know
Build resilience in a rapidly evolving cyber risk landscape.
GC Newsletter
High-profile cybersecurity threats are pervasive and sophisticated. Get the expert perspectives you need to safeguard privacy, maintain governance, ensure regulatory compliance and protect against bad actors.
Share Quiz
Restart the Quiz
The Modern General Counsel
The scope and prominence of the general counsel role continues to grow. Get the expert perspectives you need to build resilience in a rapidly evolving risk landscape.
Meet an Expert
Share on LinkedIn
Share on Twitter
One of America’s Best Management Consulting Firms
Forbes
Consulting Firm of the Year
Who’s Who Legal
#1 Expert Witness Firm on GAR 100 Expert Witness Firm's Power Index
Global Arbitration Review
One of the World’s Best Management Consulting Firms
Forbes
Leader of the Who’s Who Legal Arbitration: Expert Witnesses List
Who’s Who Legal
Global Turnaround Consulting Firm of the Year
Global M&A Network
Crisis Communications Firm of the Year
Global M&A Network
Leader in the Litigation Support Guide
Chambers and Partners
One of America’s Most Just Companies
Just Capital and CNBC
Communications Firm of the Year
The M&A Advisor
#1 U.S. Restructuring Adviser
The Deal
Leader in Crisis & Risk Management Guide
Chambers and Partners
FTI Consulting is the firm General Counsel call on when their most important issues are at stake.
Advisor to 99 of the world’s 100 largest law firms99 of the world’s top 100 law firms
Adviser to 99 of the world’s top 100 law firms
82 of the Fortune 100 corporations are clients
82 of Fortune 100 companies are clients
Adviser to 50 of the world’s top 50 bank holding companies
Adviser to 50 of the world’s top 50 bank holding companies
Adviser to 50 of the top 100 private equity firms on the Private Equity International 300 list.
Adviser to 50 of the top 100 private equity firms on the Private Equity International 300 list.
Employees worldwide (as of April 2023)
Employees worldwide (as of April 2023)
Offices in 83 cities across the globe (as of April 2023)
Offices in 83 cities across the globe (as of April 2023)
All Awards
Meet Our Experts
Meet our Experts
Regardless of scale, every company stands to experience a crisis sooner or later. The difference between survival and extincion often boils down to how effectively the company can react and how it handles the fallout.
View All General Counsel Insights
Compass Lexecon was engaged to provide economic analysis and expert testimony on the deal’s impact on competition and procompetitive efficiencies in the gaming industry.
Overview
Process
Compass Lexecon expert, Professor Dennis W. Carlton, testified before the federal court that the FTC expert’s economic analysis was flawed, relied on unsupported assumptions, and failed to show that the transaction would lead to unfair competition and foreclosure of Activision Blizzard’s content from Microsoft rivals.
Result
Compass Lexecon’s economic analysis and expert testimony identified deal-specific benefits, including expanded access to Activision Blizzard’s gaming content, lower costs for gamers and increased incentives for investment in game development.
Our Role
Data Privacy
In December 2022, the U.S. Federal Trade Commission (“FTC”) filed a complaint in the federal court in California to halt Microsoft’s acquisition of Activision Blizzard, citing antitrust concerns.
Situation
FTI Consulting subsidiary Compass Lexecon secures a landmark victory for clients Microsoft and Activision Blizzard, a leading game developer and publisher, in a highly contested vertical merger, the largest technology merger in history.
Microsoft and Activision Prevail in Landmark Merger Case
Microsoft & Activision
Case Study
3. The Impact
2. Our Role
1. Situation
Introduction
Colonial Pipeline successfully navigated the largest ransomware attack in U.S. history and prevented the pipeline shutdown from delivering major and lasting economic impacts along the East Coast through constant government, public and media engagement.
In 2022, Colonial Pipeline received the Silver Anvil Award of Excellence from the Public Relations Society of America for its communications response to the ransomware attack and navigating a national crisis.
The Impact
Colonial Pipeline
FTI Consulting provided the company early counsel on key stakeholder engagement and helped guide the organization’s communications through the initial days and weeks following the restart of the system.
The FTI Consulting team supported the development and execution of a crisis communications strategy, produced materials for company stakeholders, supported daily briefings to senior government officials in the White House and Department of Energy and managed the company’s media engagement, which included more than 1,000 inquiries.
FTI Consulting supported the company in the months following the event as it worked through the system hardening and data recovery phases, which included employee, customer and shipper notifications. The team also helped prepare the CEO to testify before two congressional committees about the company’s response to the ransomware attack.
Colonial Pipeline spans 5,500 miles across 14 states and serves some of the largest airports along the East Coast while providing just under 50 percent of the transportation fuels that power a large part of the country. In May 2021, it faced a ransomware attack that targeted its IT systems. While the cyber attack did not affect the operational technology systems that control the pipeline itself, Colonial Pipeline proactively shut down the system to prevent the ransomware from potentially spreading. The pipeline system ended up being offline for five days, creating a number of communication challenges the company had to navigate. FTI Consulting’s Strategic Communications segment was engaged to help the company navigate through the cyber attack, involving two distinct mandates: responding to the ransomware attack and the communications around the pipeline restart process.
When faced with one of the most high-profile ransomware attacks in U.S. history, Colonial Pipeline – the largest refined products pipeline operator in the country – turned to FTI Consulting for strategic communications counsel and expertise.
Colonial Pipeline Rewrites the Rules of Cyber Crisis Communications
Colonial Pipeline
Case Study
Colonial Pipeline successfully navigated the largest ransomware attack in U.S. history and prevented the pipeline shutdown from delivering major and lasting economic impacts along the East Coast through constant government, public and media engagement.
FTI Consulting provided the company early counsel on key stakeholder engagement and helped guide the organization’s communications through the initial days and weeks following the restart of the system.
The FTI Consulting team supported the development and execution of a crisis communications strategy, produced materials for company stakeholders, supported daily briefings to senior government officials in the White House and Department of Energy and managed the company’s media engagement, which included more than 1,000 inquiries.
FTI Consulting supported the company in the months following the event as it worked through the system hardening and data recovery phases, which included employee, customer and shipper notifications. The team also helped prepare the CEO to testify before two congressional committees about the company’s response to the ransomware attack.
Colonial Pipeline spans 5,500 miles across 14 states and serves some of the largest airports along the East Coast while providing just under 50 percent of the transportation fuels that power a large part of the country. In May 2021, it faced a ransomware attack that targeted its IT systems. While the cyber attack did not affect the operational technology systems that control the pipeline itself, Colonial Pipeline proactively shut down the system to prevent the ransomware from potentially spreading. The pipeline system ended up being offline for five days, creating a number of communication challenges the company had to navigate. FTI Consulting’s Strategic Communications segment was engaged to help the company navigate through the cyber attack, involving two distinct mandates: responding to the ransomware attack and the communications around the pipeline restart process.
Situation
When faced with one of the most high-profile ransomware attacks in U.S. history, Colonial Pipeline – the largest refined products pipeline operator in the country – turned to FTI Consulting for strategic communications counsel and expertise.
Colonial Pipeline Rewrites the Rules of Cyber Crisis Communications
Colonial Pipeline
Case Study
FTI Consulting provided the company early counsel on key stakeholder engagement and helped guide the organization’s communications through the initial days and weeks following the restart of the system.
The FTI Consulting team supported the development and execution of a crisis communications strategy, produced materials for company stakeholders, supported daily briefings to senior government officials in the White House and Department of Energy and managed the company’s media engagement, which included more than 1,000 inquiries.
FTI Consulting supported the company in the months following the event as it worked through the system hardening and data recovery phases, which included employee, customer and shipper notifications. The team also helped prepare the CEO to testify before two congressional committees about the company’s response to the ransomware attack.
Colonial Pipeline spans 5,500 miles across 14 states and serves some of the largest airports along the East Coast while providing just under 50 percent of the transportation fuels that power a large part of the country. In May 2021, it faced a ransomware attack that targeted its IT systems. While the cyber attack did not affect the operational technology systems that control the pipeline itself, Colonial Pipeline proactively shut down the system to prevent the ransomware from potentially spreading. The pipeline system ended up being offline for five days, creating a number of communication challenges the company had to navigate. FTI Consulting’s Strategic Communications segment was engaged to help the company navigate through the cyber attack, involving two distinct mandates: responding to the ransomware attack and the communications around the pipeline restart process.
Situation
When faced with one of the most high-profile ransomware attacks in U.S. history, Colonial Pipeline – the largest refined products pipeline operator in the country – turned to FTI Consulting for strategic communications counsel and expertise.
Colonial Pipeline Rewrites the Rules of Cyber Crisis Communications
Colonial Pipeline
Case Study
Our Impact
Our Role
Situation
Introduction
Take Quiz
ARE YOU PREPARED FOR A CYBER INCIDENT?
FTI Consulting Senior Advisor Matthew Layton discusses the main themes at the World Economic Forum through the General Counsel lens.
How Global Issues
Impact the Modern GC
Cybersecurity & Data Privacy
Safeguarding Through Crises
Read More
Cyber risks and threats related to advanced technologies such as artificial intelligence, blockchain, cryptocurrency and metaverse environments require o...
Balancing Innovation and Risk Management: The General Counsel’s Role in Driving Digital Transformation
Read More
If your company is publicly traded in the U.S. — whether headquartered in the U.S. or abroad — new cybersecurity and disclosure rules apply.
The SEC’s Revised Cybersecurity Rules Have Global Reach
Read More
The Federal Trade Commission, with the concurrence of the Antitrust Division of the U.S. Department of Justice, recently entered a 60-day comment period for propose...
Global Regulators Squeeze Merger Control as FTC Proposes Strict Revisions to Guidelines
Download Report
Senior Managing Director Wendy King discusses highlights from the 2023 General Counsel Report.
Global Legal Departments Alleviate and Respond to Critical Pressure Points
The Expert Briefing with FTI Cybersecurity
Access Event Replay
On June 15, 2023, FTI Consulting and WSJ Custom Events invited Deputy Attorney General Lisa Monaco to speak on the general counsel’s role as the bridge between regulators and the C-suite.
The New Regulatory Roadmap:
Lisa Monaco in Conversation with David Kline
View All General Counsel Insights
Anthony J. Ferrante, Global Head of Cybersecurity and Former Director for Cyber Incident Response at the National Security Council at the White House, on why General Counsel should engage with external cybersecurity experts.
Why GCs Should Engage with External Cybersecurity Experts
Lars Faeste, Chairman of FTI Consulting’s EMEA region, explains why companies need to test resilience for extreme events — and what management teams can do to ensure they can act quickly when the unexpected happens.
Preparing for the Inevitable Black Swan Event
Mike Driscoll, Senior Managing Director, Cybersecurity, on the tools, methods and technology that are changing the nature of white-collar fraud — and how companies can get ahead of the challenge to maintain a secure environment.
Cybersecurity and White-Collar Crime
View All General Counsel Insights
Microsoft & Activision
How do your cybersecurity and data privacy strategies stack up?
Adviser to 50 of the world’s top 50 bank holding companies
3. The Impact
2. Our Role
1. Situation
Introduction
Our Role
Judge Jacqueline Scott Corley of the United States District Court for the Northern District of California denied the FTC’s request for a preliminary injunction, ruling that the FTC had failed to demonstrate that it would likely prevail in its claim that the proposed merger would substantially lessen competition and that, in contrast to the FTC’s claims, there would be more consumer access to Activision content following the merger. The U.S. Appeals Court for the 9th Circuit then denied the FTC’s appeal, thereby allowing the acquisition to close.
Diagnosis
Recommendations
Judge Corley repeatedly referenced Professor Carlton’s testimony in her opinion criticizing the FTC expert’s analysis and acknowledged several post-transaction benefits noted in Professor Carlton’s testimony.
Execution
Judge Corley’s opinion relied on several recent challenges to vertical mergers where judges ruled for the defendants — United States of America v. AT&T Inc., DirecTV Group Holdings, LLC, and Time Warner Inc.; Federal Trade Commission v. Meta Platforms, Inc.; and the FTC ALJ opinion in In the Matter of Illumina, Inc. and Grail, Inc. — all of which are cases where Professor Carlton served as an economic expert for the merging parties.
The Impact
The FTC alleged that the deal would allow Xbox-maker Microsoft to suppress competition in the gaming industry and monopolize Activision Blizzard’s popular game titles such as World of Warcraft and Call of Duty. Microsoft and Activision Blizzard retained FTI Consulting subsidiary Compass Lexecon to respond to FTC’s complaint.
Digital Risk
Data Protection Regulations
Meet an Expert
Share
Data Protection Regulations
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing & Guiding Communications
Colonial Pipeline
Hertz
Execution
Hertz successfully de-fleeted approximately 200,000 vehicles, facilitating the repayment of USD$4.3 billion in debt principal and sold its Donlen business for approximately USD$875 million.
Recommendations
Hertz successfully negotiated many key aspects of its capital structure, including USD$1.65 billion in funds for general corporate purposes and critical fleet equity needs.
In June 2021, Hertz announced that it had successfully completed its Chapter 11 restructuring process and “emerged as a financially and operationally stronger company that is well-positioned for the future.”
Diagnosis
The Impact
FTI Consulting was engaged by Hertz to develop its Chapter 11 plan and support its domestic and international restructuring activities.
Leveraging its global footprint, FTI Consulting deployed more than 150 experts across the U.S., UK, Germany, France, Italy, Spain and Australia to support the engagement.
Overview
Process
FTI Consulting assisted with cash forecasting and liquidity management; oversaw vendor- and supplier-related matters; and prepared a quality-of-earnings report for the sale of Hertz’s Donlen subsidiary.
Result
FTI Consulting’s team of experts managed diligence activities and communications with financial and legal advisors and provided a temporary senior-level accounting resource, among other activities.
Our Role
Data Privacy
Our Role
Following the outbreak of COVID-19 and associated travel restrictions, Hertz experienced a severe decline in its global business and mounting liquidity demands, while its vehicle financing structure required significant monthly mark-to-market payments.
Despite undertaking various liquidity initiatives, such as reducing vehicle purchase commitments, securing airport concession deferrals and abatements, and implementing furloughs and terminations, Hertz filed for Chapter 11 in May 2020.
Situation
When COVID-19 put a pause on travel, Hertz was forced to file for bankruptcy to protect its business. In its moment of truth, Hertz enlisted FTI Consulting to support its global restructuring activity.
Hertz Gets Its Wheels Back in Motion
Hertz
Case Study
3. The Impact
2. Our Role
1. Situation
Introduction
Madoff Recovery
Execution
Judge Corley’s opinion relied on several recent challenges to vertical mergers where judges ruled for the defendants — United States of America v. AT&T Inc., DirecTV Group Holdings, LLC, and Time Warner Inc.; Federal Trade Commission v. Meta Platforms, Inc.; and the FTC ALJ opinion in In the Matter of Illumina, Inc. and Grail, Inc. — all of which are cases where Professor Carlton served as an economic expert for the merging parties.
Recommendations
Recoveries from the Madoff Recovery Initiative far exceed similar efforts related to prior Ponzi schemes both in terms of dollar value and percentage of stolen funds recovered.¹
FTI Consulting’s work allowed the Trustee to recover more than $14.5 billion to date, representing over 80% of the stolen funds.
Diagnosis
The Impact
FTI Consulting was engaged by Irving Picard, the Trustee, and BakerHostetler, the Trustee’s counsel, to investigate the financial affairs, identify and analyze the massive amounts of financial documents and data, and provide forensic accounting analysis and expert testimony to help the Trustee recover the stolen funds.
Overview
Process
The teams reconstructed books and records, determined amounts deposited and withdrawn from thousands of customer accounts and analyzed hundreds of millions of transactions.
Result
With the Trustee, the teams investigated more than 16,500 claims, ultimately allowing more than 2,600.
Provided litigation support, including serving as expert witnesses, for more than 1,000 lawsuits, including two actions that reached the Supreme Court of the United States.
Our Role
Data Privacy
Our Role
In December 2008, Bernie Madoff admitted that the Investment Advisory business within his firm was a Ponzi scheme, setting off his arrest and a chain reaction of events throughout the financial services world and philanthropic communities.¹
A Trustee under the Securities Investor Protection Act was appointed to liquidate Madoff’s firm and to recover the proceeds from his Ponzi scheme. ²
Situation
Bernard Madoff's unprecedented fraud spanned decades and defrauded thousands of investors of approximately USD$20 billion.
Unwinding the World’s Largest Ponzi Scheme
Madoff Recovery
Case Study
3. The Impact
2. Our Role
1. Situation
Introduction
WELLS FARGO
Execution
Wells Fargo has since regained most of its market capitalization (approximately $210 billion as of January 2022), and it remains one of the largest banks in the United States.
Recommendations
These reforms helped the bank avoid criminal prosecution and were referenced in its $3 billion settlement with the U.S. government in February 2020.
Wells Fargo’s Board of Directors report, with numerous citations to FTI Consulting’s work, was publicly issued and led to wide-ranging reforms of Wells Fargo’s internal practices.
Diagnosis
The Impact
Our forensic accounting and data analytics experts examined millions of records spread across multiple platforms, looking back a decade and a half for relevant data.
Overview
Process
Wells Fargo’s Board of Directors issued a report into Wells Fargo’s sales practices based on FTI Consulting’s and Shearman & Sterling’s findings. FTI Consulting conducted over 50 interviews and analyzed consumer bank data from millions of accounts to uncover underlying issues ranging from decentralized processes to poor corporate culture.
Result
As part of this investigation, the team met with dozens of attorneys, including Wells Fargo’s in-house counsel and several firms representing Wells Fargo. FTI Consulting’s professionals also presented findings and responded to requests from attorneys at numerous government agencies, including the SEC, civil and criminal divisions of the DOJ, and the California Attorney General’s office.
Our Role
Data Privacy
Our Role
Wells Fargo shocked the nation when it announced it had fired 5,300 employees over several years for creating millions of fake customer accounts in a cross-selling practice to meet extremely aggressive sales quotas. Decades of reputational and brand value quickly evaporated as Wells Fargo made headlines for the size and scope of the sales practices and the subsequent resignations of both its CEO and COO.
Situation
Facing one of the largest instances of alleged customer fraud in U.S. banking history, Wells Fargo’s Board of Directors engaged FTI Consulting and global law firm Shearman & Sterling to conduct an independent investigation into how these alleged events occurred and help restore the bank’s reputation and enterprise value.
FTI Consulting Insights Help Wells Fargo Reform and Recover
Wells Fargo
Case Study
3. The Impact
2. Our Role
1. Situation
Introduction
Situation
Our Role
Data Privacy
Our Role
The Impact
I don’t know
No
Yes
Ensure your playbook is ready for action.
As we have seen from many high-profile incidents, an organization is generally not criticized because a cybersecurity incident has occurred, but criticism is often leveled at the organization’s response. How an organization chooses to respond can have significant reputational and financial implications which can linger long after the cyber issue has been resolved.
Briefing on Cybersecurity Crisis Communications: Five Key Takeaways
Yes
No
Prepared companies project confidence in moments of crisis.
Having a comms process in place that mitigates reputational risk and keeps stakeholders informed is a critical first step. And that includes ensuring that your review and approvals process is streamlined. See how companies can strengthen their cybersecurity messaging and preparedness across a cyber event’s life cycle.
What to Say to Your Stakeholders When You’ve Been Hacked (...)
I don’t know
Yes
No
I don’t know
All organizations are vulnerable to cybersecurity risk.
You cannot control whether you will be the victim of a cyber attack, but you can control how to respond to one. Effective and tailored incident prevention measures can help preserve your corporate reputation, operations, critical assets and financial standing. Waiting until an incident has occurred to act is too late.
Ransomware Investigation for Aviation Engineering Company
How Counsel Can Effectively Lead Data Breach Investigations
Legal professionals act as the interlocutor between disparate technical teams — from understanding cyber insurance policies to reporting to the appropriate regulatory authorities in multiple jurisdictions. This reliance on the general counsel inevitably places significant pressure on that individual to quickly gain control of complex and technical subject matter during a time that is already typified by an extreme lack of information.
GCs are increasingly positioned at the center of cyber incidents.
I don’t know
No
Yes
I don’t know
Critical Data Breach Preparedness to Implement Now
According to FTI Consulting’s 2022 Resilience Barometer survey, for the fourth year in a row, the number of G20 companies impacted by a cyber incident increased by 6% over the prior year to 84%. Despite this increase, organizations often have outdated incident response plans, creating a disjoined approach to mitigating risk and combating threats.
Prepared companies project confidence in moments of crisis.
No
Yes
I don’t know
No
A Little Calm Goes a Long Way After a Cyber Attack
No matter how thorough your plan, collaboration is key, because the model for compliance and cybersecurity ties a variety of groups together to handle different situations. And there are a lot of elements after an attack that require cross-departmental organization, from IT to comms to your general counsel.
A well-crafted cyber readiness plan is critical. But that’s only the first step.
Yes
I don’t know
No
Yes
Does your organization have regularly tested incident response plans that are specific to different types of incidents (e.g., insider threat, ransomware, business email compromise)?
Share
Meet an Expert
Select the topics that matter to you, and get personalized insights to help you lead the way in a rapidly evolving risk landscape.
Investigation of Application Controls for a Global Financial Institution
Many organizations believe the answer to third-party cyber risk management is achieving compliance, but compliance alone does not address new threats. Cyber actors are constantly evolving and developing new attack methods, demonstrating the need for protections to also follow this more agile, evolutionary path. If you protect against what has already happened and fail to prepare for what is yet to come, you will forever be vulnerable.
GCs are expected to manage cyber risk, including from third parties.
Not Confident
Somewhat Confident
Very Confident
Not Confident
Addressing Third-Party Cyber Risk: Moving Beyond a False Sense of Security
Third-party cyber risk is a unique issue in that while most organizations are aware of the significant threat it poses, many fail to implement an adequate risk mitigation strategy. The more third parties within an organization’s digital ecosystem, the more opportunities there are for breaches to occur and for threat actors to exploit and steal or expose data. Organizations are unprepared, and there is a disconnect between having awareness of a problem and the ability to manage it.
Moving beyond a false sense of security
Somewhat Confident
Very Confident
Not Confident
Somewhat Confident
10 Cyber Risks and Realities We’re Seeing This Year — And Beyond
Third-party cyber risk is just one of many threats that GCs need to consider. Opportunity is often the driving force behind cyber attacks. Threat actors know how to seize any moment and adjust their means of attack on the fly. An industry or organization not currently in the crosshairs of a threat actor can find itself there in a heartbeat. But by creating a cybersecurity program that’s based on readiness and resilience, GCs can help position organizations to handle a variety of cyber attack types.
The threat landscape is always changing. Have you considered these risks?
Very Confident
Not Confident
Somewhat Confident
Very Confident
How confident are you in understanding your organization's third-party cybersecurity risk and the implications to your organization should a connected entity suffer an incident?
Share
Meet an Expert
Select the topics that matter to you, and get personalized insights to help you lead the way in a rapidly evolving risk landscape.
Building Effective Cybersecurity Governance
Today’s general counsel must find a way to manage risk and compliance, while ensuring efficient and cost-effective operations across their departments.
An intense digital risk landscape has placed complex demands on legal teams
Legal
Information Technology
Compliance & Risk
Legal
Nine Tips to Achieve Secure IT Infrastructure
Everything in business today involves data or creates implications for it. And as data has become the foundation for modern commerce and communication, digital risk has quite rapidly surpassed all other areas of corporate risk as the major concern.
IT is a critical first line of defense against privacy and security risks.
Information Technology
Compliance & Risk
Legal
Information Technology
A New Era of Risk: Defining Digital Insights & Risk Management
Regulatory inquiries, litigation and data subject access requests could cripple business operations logistically, financially and reputationally if organizations aren’t prepared to manage them.
Risks from unprecedented data issues have become the new imperative.
Compliance & Risk
Legal
Information Technology
What department owns digital risk
in your organization?
Share
Meet an Expert
Select the topics that matter to you, and get personalized insights to help you lead the way in a rapidly evolving risk landscape.
A Guide to Data Breach Reporting Obligations
The data privacy regulatory landscape is varied and in a perpetual state of change. Without a formalized data privacy program, missteps are easy to make when the full scope of requirements are unclear and planning is difficult when new laws may crop up at any time.
Step by step, teams can shift from being reactive to making privacy a priority.
We do not monitor this proactively
Yes, but it is ad-hoc
Yes, it is part of our formalized data privacy program
Not sure
Data Subject Requests and the GDPR: Steps to Prepare
With more than 130 data protection regulations already in place and more emerging all the time, achieving and maintaining privacy compliance has become one of the most challenging imperatives in global business today.
Evolving privacy regulations demand dedicated, proactive attention.
Yes, but it is ad-hoc
Yes, it is part of our formalized data privacy program
We do not monitor this proactively
Yes, but it is ad-hoc
The Perfect Storm: AdTech, Privacy and Digital Advertising
Data privacy is (slowly) shifting from being viewed as a burden to being embraced as a strategic enabler. At the same time, mature programs must keep pace with new areas of enforcement.
Mature data privacy programs drive enterprise value and trust.
Yes, it is part of our formalized data privacy program
Not sure
Yes, but it is ad-hoc
Yes, it is part of our formalized data privacy program
Does your organization have a process for monitoring and responding to data protection regulations as they arise and change?
Share
Meet an Expert
Select the topics that matter to you, and get personalized insights to help you lead the way in a rapidly evolving risk landscape.
Data Protection Regulations
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing & Guiding Communications
Data Protection Regulations
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing & Guiding Communications
Data Protection Regulations
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing & Guiding Communications
Data Protection Regulations
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing & Guiding Communications
Other/Don't know
A New Era of Risk: Defining Digital Insights & Risk Management
Given that the definition of digital risk is both broad and vague, it is perhaps unsurprising that ownership is also unclear. A wide range of titles are expected to manage digital risk, including chief technology officers, chief information security officers, chief information officers, chief risk officers, chief compliance officers and chief data officers.
Digital risk encompasses every aspect of how organizations collect, generate, use and store data.
Other/Don’t Know
Information Technology
Compliance & Risk
Other/Don't know
Other/Don’t Know
Other/Don’t Know
Legal
We do not monitor this proactively
Not sure
We do not monitor this proactively
Not sure
We do not monitor this proactively
Privacy and Innovation: Reflections on Recent Data Privacy Events
Privacy is a rapidly maturing field and organizations are making steady progress in establishing programs or improving maturity. A key goal should be to move beyond compliance to build data protection, transparency, trust and consumer privacy into the fabric of corporate culture and business-as-usual operations.
Data privacy risk touches many aspects of business risk and exposure.
Not sure
Yes, but it is ad-hoc
Yes, it is part of our formalized data privacy program
Compliance & Risk
All Awards
Case Studies
Hertz
Our Role
Diagnosis
Recommendations
Execution
Judge Corley’s opinion relied on several recent challenges to vertical mergers where judges ruled for the defendants — United States of America v. AT&T Inc., DirecTV Group Holdings, LLC, and Time Warner Inc.; Federal Trade Commission v. Meta Platforms, Inc.; and the FTC ALJ opinion in In the Matter of Illumina, Inc. and Grail, Inc. — all of which are cases where Professor Carlton served as an economic expert for the merging parties.
Execution
Recommendations
Diagnosis
The Impact
In 2022, Colonial Pipeline received the Silver Anvil Award of Excellence from the Public Relations Society of America for its communications response to the ransomware attack and navigating a national crisis.
Colonial Pipeline successfully navigated the largest ransomware attack in U.S. history and prevented the pipeline shutdown from delivering major and lasting economic impacts along the East Coast through constant government, public and media engagement.
Judge Corley’s opinion relied on several recent challenges to vertical mergers where judges ruled for the defendants — United States of America v. AT&T Inc., DirecTV Group Holdings, LLC, and Time Warner Inc.; Federal Trade Commission v. Meta Platforms, Inc.; and the FTC ALJ opinion in In the Matter of Illumina, Inc. and Grail, Inc. — all of which are cases where Professor Carlton served as an economic expert for the merging parties.
Execution
Recommendations
Judge Corley repeatedly referenced Professor Carlton’s testimony in her opinion criticizing the FTC expert’s analysis and acknowledged several post-transaction benefits noted in Professor Carlton’s testimony.
Judge Jacqueline Scott Corley of the United States District Court for the Northern District of California denied the FTC’s request for a preliminary injunction, ruling that the FTC had failed to demonstrate that it would likely prevail in its claim that the proposed merger would substantially lessen competition and that, in contrast to the FTC’s claims, there would be more consumer access to Activision content following the merger. The U.S. Appeals Court for the 9th Circuit then denied the FTC’s appeal, thereby allowing the acquisition to close.
Diagnosis
The Impact
Compass Lexecon’s economic analysis and expert testimony identified deal-specific benefits, including expanded access to Activision Blizzard’s gaming content, lower costs for gamers and increased incentives for investment in game development.
Result
Compass Lexecon expert, Professor Dennis W. Carlton, testified before the federal court that the FTC expert’s economic analysis was flawed, relied on unsupported assumptions, and failed to show that the transaction would lead to unfair competition and foreclosure of Activision Blizzard’s content from Microsoft rivals.
Process
Compass Lexecon was engaged to provide economic analysis and expert testimony on the deal’s impact on competition and procompetitive efficiencies in the gaming industry.
Overview
Our Role
In December 2022, the U.S. Federal Trade Commission (“FTC”) filed a complaint in the federal court in California to halt Microsoft’s acquisition of Activision Blizzard, citing antitrust concerns.
The FTC alleged that the deal would allow Xbox-maker Microsoft to suppress competition in the gaming industry and monopolize Activision Blizzard’s popular game titles such as World of Warcraft and Call of Duty. Microsoft and Activision Blizzard retained FTI Consulting subsidiary Compass Lexecon to respond to FTC’s complaint.
Situation
FTI Consulting subsidiary Compass Lexecon secures a landmark victory for clients Microsoft and Activision Blizzard, a leading game developer and publisher, in a highly contested vertical merger, the largest technology merger in history.
Microsoft and Activision Prevail in Landmark Merger Case
Microsoft & Activision
Case Study
The Impact
Our Role
Situation
Introduction
Hertz successfully de-fleeted approximately 200,000 vehicles, facilitating the repayment of USD$4.3 billion in debt principal and sold its Donlen business for approximately USD$875 million.
Execution
Recommendations
Judge Corley repeatedly referenced Professor Carlton’s testimony in her opinion criticizing the FTC expert’s analysis and acknowledged several post-transaction benefits noted in Professor Carlton’s testimony.
In June 2021, Hertz announced that it had successfully completed its Chapter 11 restructuring process and “emerged as a financially and operationally stronger company that is well-positioned for the future.”
Diagnosis
The Impact
FTI Consulting’s team of experts managed diligence activities and communications with financial and legal advisors and provided a temporary senior-level accounting resource, among other activities.
Result
FTI Consulting assisted with cash forecasting and liquidity management; oversaw vendor- and supplier-related matters; and prepared a quality-of-earnings report for the sale of Hertz’s Donlen subsidiary.
Process
FTI Consulting was engaged by Hertz to develop its Chapter 11 plan and support its domestic and international restructuring activities.
Leveraging its global footprint, FTI Consulting deployed more than 150 experts across the U.S., UK, Germany, France, Italy, Spain and Australia to support the engagement.
Overview
Our Role
Following the outbreak of COVID-19 and associated travel restrictions, Hertz experienced a severe decline in its global business and mounting liquidity demands, while its vehicle financing structure required significant monthly mark-to-market payments.
Despite undertaking various liquidity initiatives, such as reducing vehicle purchase commitments, securing airport concession deferrals and abatements, and implementing furloughs and terminations, Hertz filed for Chapter 11 in May 2020.
Situation
When COVID-19 put a pause on travel, Hertz was forced to file for bankruptcy to protect its business. In its moment of truth, Hertz enlisted FTI Consulting to support its global restructuring activity.
Hertz Gets Its Wheels Back in Motion
Hertz
Case Study
The Impact
Our Role
Situation
Introduction
Hertz successfully de-fleeted approximately 200,000 vehicles, facilitating the repayment of USD$4.3 billion in debt principal and sold its Donlen business for approximately USD$875 million.
Execution
Recoveries from the Madoff Recovery Initiative far exceed similar efforts related to prior Ponzi schemes both in terms of dollar value and percentage of stolen funds recovered.³
FTI Consulting’s work allowed the Trustee to recover more than $14.5 billion to date, representing over 80% of the stolen funds.
The Impact
With the Trustee, the teams investigated more than 16,500 claims, ultimately allowing more than 2,600.
Provided litigation support, including serving as expert witnesses, for more than 1,000 lawsuits, including two actions that reached the Supreme Court of the United States.
Result
The teams reconstructed books and records, determined amounts deposited and withdrawn from thousands of customer accounts and analyzed hundreds of millions of transactions.
Process
FTI Consulting was engaged by Irving Picard, the Trustee, and BakerHostetler, the Trustee’s counsel, to investigate the financial affairs, identify and analyze the massive amounts of financial documents and data, and provide forensic accounting analysis and expert testimony to help the Trustee recover the stolen funds.
Overview
Our Role
In December 2008, Bernie Madoff admitted that the Investment Advisory business within his firm was a Ponzi scheme, setting off his arrest and a chain reaction of events throughout the financial services world and philanthropic communities.¹
A Trustee under the Securities Investor Protection Act was appointed to liquidate Madoff’s firm and to recover the proceeds from his Ponzi scheme.²
Situation
Bernard Madoff's unprecedented fraud spanned decades and defrauded thousands of investors of approximately USD$20 billion.
Unwinding the World’s Largest Ponzi Scheme
Madoff Recovery
Case Study
The Impact
Our Role
Situation
Introduction
Wells Fargo has since regained most of its market capitalization (approximately $210 billion as of January 2022), and it remains one of the largest banks in the United States.
Execution
These reforms helped the bank avoid criminal prosecution and were referenced in its $3 billion settlement with the U.S. government in February 2020.
Recommendations
Wells Fargo’s Board of Directors report, with numerous citations to FTI Consulting’s work, was publicly issued and led to wide-ranging reforms of Wells Fargo’s internal practices.
Diagnosis
The Impact
As part of this investigation, the team met with dozens of attorneys, including Wells Fargo’s in-house counsel and several firms representing Wells Fargo. FTI Consulting’s professionals also presented findings and responded to requests from attorneys at numerous government agencies, including the SEC, civil and criminal divisions of the DOJ, and the California Attorney General’s office.
Result
Wells Fargo’s Board of Directors issued a report into Wells Fargo’s sales practices based on FTI Consulting’s and Shearman & Sterling’s findings. FTI Consulting conducted over 50 interviews and analyzed consumer bank data from millions of accounts to uncover underlying issues ranging from decentralized processes to poor corporate culture.
Process
Our forensic accounting and data analytics experts examined millions of records spread across multiple platforms, looking back a decade and a half for relevant data.
Overview
Our Role
Wells Fargo shocked the nation when it announced it had fired 5,300 employees over several years for creating millions of fake customer accounts in a cross-selling practice to meet extremely aggressive sales quotas. Decades of reputational and brand value quickly evaporated as Wells Fargo made headlines for the size and scope of the sales practices and the subsequent resignations of both its CEO and COO. FTI Consulting and Shearman & Sterling were retained by a special committee of Wells Fargo’s Board of Directors to conduct an independent investigation and give the Board of Directors more clarity on what happened and the actions to take going forward to restore credibility with impacted stakeholders.
Situation
Facing one of the largest instances of alleged customer fraud in U.S. banking history, Wells Fargo’s Board of Directors engaged FTI Consulting and global law firm Shearman & Sterling to conduct an independent investigation into how these alleged events occurred and help restore the bank’s reputation and enterprise value.
FTI Consulting Insights
Help Wells Fargo Reform
and Recover
Wells Fargo
Case Study
The Impact
Our Role
Situation
Introduction
Microsoft & Activision
Colonial Pipeline
Madoff
Wells Fargo
Microsoft & Activision
Select a Case Study
Colonial Pipeline
Hertz
Madoff Recovery
Wells Fargo
Cybersecurity & Data Privacy
Safeguarding Through Crises
Cybersecurity & Data Privacy
Safeguarding Through Crises
Select a Topic
View All General Counsel Insights
Read More
Cyber risks and threats related to advanced technologies such as artificial intelligence, blockchain, cryptocurrency and metaverse en...
The GC and ESG: From Great Risk Comes Great Opportunity
Read More
The first 48 hours of a corporate crisis presents a complex web of risk and challenges for the general counsel (GC).
Missteps the GC Should Avoid in the First 48 Hours of a Crisis
Read More
In-house counsel should coordinate inside leaders and outside advisors to respond to a crisis. But they also have a role in longer-term response.
More Than Mere Survival: The GC’s Role in Moving Beyond Crisis
Read More
Regardless of scale, every company stands to experience a crisis sooner or later. The difference between survival and extinction often boils down to how effectively the company can react and how it handles the fallout.
Preparing for the Inevitable Black Swan
Read More
On June 15, 2023, FTI Consulting and WSJ Custom Events invited Deputy Attorney General Lisa Monaco to speak on the general counsel’s role as...
When the Black Swan Comes From Within
High-profile cybersecurity and data privacy threats are pervasive and sophisticated. Explore our insights discovery tool to get personalized recommendations on how you can safeguard privacy, maintain governance, ensure regulatory compliance and protect against bad actors.
Meet an Expert
Share
Incident Response Plans
Incident Response Plans
Managing & Guiding Communications
Select a Topic
Managing & Guiding Communications
Third-Party Security Risk
Digital Risk
Data Protection Regulations
Third-Party Security Risk
Digital Risk
Data Protection Regulations
Data Protection Regulations
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing & Guiding Communications
Data Protection Regulations
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing & Guiding Communications
Select a Topic
Share
Meet an Expert
Data Protection Regulations
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing & Guiding Communications
Data Protection Regulations
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing & Guiding Communications
Select a Topic
Share
Meet an Expert
Data Protection Regulations
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing & Guiding Communications
Data Protection Regulations
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing & Guiding Communications
Select a Topic
Share
Meet an Expert
Data Protection Regulations
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing & Guiding Communications
Data Protection Regulations
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing & Guiding Communications
Select a Topic
Share
Meet an Expert
I don't know
No
Yes
Ensure your playbook is ready for action.
As we have seen from many high-profile incidents, an organization is generally not criticized because a cybersecurity incident has occurred, but criticism is often levelled at the organization’s response. How an organisation chooses to respond can have significant reputational and financial implications which can sustain long after the cyber issue has been resolved.
Briefing on Cybersecurity Crisis Communications: Five Key Takeaways
I don't know
Yes
What to Say to Your Stakeholders When You’ve Been Hacked (Hint: Don’t Say ‘Hacked’)
Having a comms process in place that mitigates reputational risk and keeps stakeholders informed is a critical first step. And that includes ensuring that your review and approvals process is streamlined. See how companies can strengthen their cybersecurity messaging and preparedness across a cyber event’s life cycle.
Prepared companies project confidence in moments of crisis.
No
No
Ransomware Investigation for Aviation Engineering Company
You cannot control if you will be the victim of a cyber attack or not, but you can control how to respond to one. Effective and tailored incident prevention measures can help preserve your corporate reputation, operations, critical assets and financial standing. Waiting until an incident has occurred to act is too late.
All organizations are vulnerable to cybersecurity risk.
I don't know
Yes
How Counsel Can Effectively Lead Data Breach Investigations
Legal professionals act as the interlocutor between disparate technical teams — from understanding cyber insurance policies to reporting to the appropriate regulatory authorities in multiple jurisdictions. This reliance on the general counsel inevitably places significant pressure on that individual to quickly gain control of complex and technical subject matter during a time that is already typified by an extreme lack of information.
GCs are increasingly positioned at the center of cyber incidents.
I don't know
No
Yes
I don't know
Critical Data Breach Preparedness to Implement Now
According to FTI Consulting’s 2022 Resilience Barometer survey, for the fourth year in a row, the number of G20 companies impacted by a cyber incident increased by 6% over the prior year to 84%. Despite this increase, organizations often have outdated incident response plans, creating a disjoined approach to mitigating risk and combating threats.
Prepared companies project confidence in moments of crisis.
No
Yes
I don't know
No
A Little Calm Goes a Long Way After a Cyber Attack
No matter how thorough your plan, collaboration is key, because the model for compliance and cybersecurity ties a variety of groups together to handle different situations. And there are a lot of elements after an attack that require cross-departmental organization, from IT to comms to your general counsel.
A well-crafted cyber readiness plan is critical. But that’s only the first step.
Yes
I don't know
No
Yes
Does your organization have regularly tested incident response plans that are specific to different types of incidents (e.g., insider threat, ransomware, business email compromise)?
Investigation of Application Controls for a
Global Financial Institution
Many organizations believe the answer to third-party cyber risk management is achieving compliance, but compliance alone does not address new threats. Cyber actors are constantly evolving and developing new attack methods, demonstrating the need for protections to also follow this more agile, evolutionary path. If you protect against what has already happened and fail to prepare for what is yet to come, you will forever be vulnerable.
GCs are expected to manage cyber risk, including from third parties.
Not Confident
Somewhat Confident
Very Confident
Not Confident
Addressing Third-Party Cyber Risk: Moving Beyond a False Sense of Security
Third-party cyber risk is a unique issue in that while most organizations are aware of the significant threat it poses, many fail to implement an adequate risk mitigation strategy. The more third parties within an organization’s digital ecosystem, the more opportunities there are for breaches to occur and for threat actors to exploit and steal or expose data. Organizations are unprepared, and there is a disconnect between having awareness of a problem and the ability to manage it.
Moving beyond a false sense of security.
Somewhat Confident
Very Confident
Not Confident
Somewhat Confident
10 Cyber Risks and Realities We’re Seeing
This Year — And Beyond
Third-party cyber risk is just one of many threats that GCs need to consider. Opportunity is often the driving force behind cyber attacks. Threat actors know how to seize any moment and adjust their means of attack on the fly. An industry or organization not currently in the crosshairs of a threat actor can find itself there in a heartbeat. But by creating a cybersecurity program that’s based on readiness and resilience, GCs can help position organizations to handle a variety of cyber attack types.
The threat landscape is always changing. Have you considered these risks?
Very Confident
Not Confident
Somewhat Confident
Very Confident
How confident are you in understanding your organization's third-party cybersecurity risk and the implications to your organization should a connected entity suffer an incident?
Building Effective Cybersecurity Governance
Today’s general counsel must find a way to manage risk and compliance, while ensuring efficient and cost-effective operations across their departments.
An intense digital risk landscape has placed complex demands on legal teams
Legal
Information Technology
Compliance & Risk
Legal
Nine Tips to Achieve Secure IT Infrastructure
Everything in business today involves data or creates implications for it. And as data has become the foundation for modern commerce and communication, digital risk has quite rapidly surpassed all other areas of corporate risk as the major concern.
IT is a critical first line of defense against privacy and security risks.
Information Technology
Compliance & Risk
Legal
Information Technology
A New Era of Risk: Defining Digital
Insights & Risk Management
Regulatory inquiries, litigation and data subject access requests could cripple business operations logistically, financially and reputationally if organizations aren’t prepared to manage them.
Risks from unprecedented data issues have become the new imperative.
Compliance & Risk
Legal
Information Technology
Compliance & Risk
What department owns digital risk in your organization?
A Guide to Data Breach Reporting Obligations
The data privacy regulatory landscape is varied and in a perpetual state of change. Without a formalized data privacy program, missteps are easy to make when the full scope of requirements are unclear and planning is difficult when new laws may crop up at any time.
Step by step, teams can shift from being reactive to making privacy a priority.
We do not monitor this proactively
Yes, but it is ad-hoc
Yes, is is part of our formalized data privacy program
We do not monitor this proactively
Data Subject Requests and the GDPR: Steps to Prepare
With more than 130 data protection regulations already in place and more emerging all the time, achieving and maintaining privacy compliance has become one of the most challenging imperatives in global business today.
Evolving privacy regulations demand dedicated, proactive attention.
Yes, but it is ad-hoc
Yes, is is part of our formalized data privacy program
We do not monitor this proactively
Yes, but it is ad-hoc
The Perfect Storm: AdTech, Privacy and Digital Advertising
Data privacy is (slowly) shifting from being viewed as a burden to being embraced as a strategic enabler. At the same time, mature programs must keep pace with new areas of enforcement.
Mature data privacy programs drive enterprise value and trust.
Yes, is is part of our formalized data privacy program
We do not monitor this proactively
Yes, but it is ad-hoc
Yes, is is part of our formalized data privacy program
Does your organization have a process for monitoring and responding to data protection regulations as they arise and change?
Ransomware Investigation for Aviation Engineering Company
You cannot control whether you will be the victim of a cyber attack, but you can control how to respond to one. Effective and tailored incident prevention measures can help preserve your corporate reputation, operations, critical assets and financial standing. Waiting until an incident has occurred to act is too late.
All organizations are vulnerable to cybersecurity risk.
I don't know
No
Yes
I don't know
What to Say to Your Stakeholders When You’ve Been Hacked (Hint: Don’t Say ‘Hacked’)
Having a comms process in place that mitigates reputational risk and keeps stakeholders informed is a critical first step. And that includes ensuring that your review and approvals process is streamlined. See how companies can strengthen their cybersecurity messaging and preparedness across a cyber event’s life cycle.
Prepared companies project confidence in moments of crisis.
No
Yes
I don't know
No
Briefing on Cybersecurity Crisis Communications: Five Key Takeaways
As we have seen from many high-profile incidents, an organization is generally not criticized because a cybersecurity incident has occurred, but criticism is often leveled at the organization’s response. How an organization chooses to respond can have significant reputational and financial implications which can linger long after the cyber issue has been resolved.
Ensure your playbook is ready for action.
Yes
I don't know
No
Yes
Does your organization have a process for managing and guiding communications in the event of a cybersecurity incident?
Data Protection Regulations
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing & Guiding Communications
Data Protection Regulations
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing & Guiding Communications
Select a Topic
Share
Meet an Expert
Does your organization have a process for managing and guiding communications in the event of a cybersecurity incident?
Other/Don’t Know
Other/Don't know
Other/Don’t Know
Other/Don’t Know
Legal
A New Era of Risk: Defining Digital Insights & Risk Management
Given that the definition of digital risk is both broad and vague, it is perhaps unsurprising that ownership is also unclear. A wide range of titles are expected to manage digital risk, including chief technology officers, chief information security officers, chief information officers, chief risk officers, chief compliance officers and chief data officers.
Digital risk encompasses every aspect of how organizations collect, generate, use and store data.
Other/Don’t Know
Information Technology
Compliance & Risk
Not sure
Not sure
Not sure
Not sure
We do not monitor this proactively
Privacy and Innovation: Reflections on Recent Data Privacy Events
Privacy is a rapidly maturing field and organizations are making steady progress in establishing programs or improving maturity. A key goal should be to move beyond compliance to build data protection, transparency, trust and consumer privacy into the fabric of corporate culture and business-as-usual operations.
Data privacy risk touches many aspects of business risk and exposure.
Not sure
Yes, but it is ad-hoc
Yes, is is part of our formalized data privacy program
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing & Guiding Communications
Select the topic that is top of mind for you, then tell us where you are on your journey to receive a personalized reading recommendation:
Share
Meet an Expert
Data Protection Regulations
How do your cybersecurity and data privacy strategies stack up?
Case Studies
Rachel Rosenblatt, Senior Managing Director, Strategic Communications, on why the GC needs to think beyond the traditional legal team when a crisis hits.
Considerations for the GC
Most companies are going to be hit by a major event at some point. Rachel Rosenblatt, Senior Managing Director, Strategic Communications, explains why long-term thinking should guide short-term actions.
Considering Your Response
Jordan Rae Kelly, Senior Managing Director, Head of Cybersecurity, Americas, discusses why GCs need to prepare for a cybersecurity incident.
Steps GCs Can Take to Be Smart on Cybersecurity
Tom Becker, Senior Managing Director, US Crisis Communication outlines the first steps a GC needs to take when a crisis occurs, and how to use a crisis to improve a company.
How a GC Can Turn a Challenge Into an Opportunity
Meredith Griffanti, Strategic Communications Global Head of Cybersecurity & Data Privacy Communications, outlines why the General Counsel is pivotal in an incident response situation.
Data Privacy & Cybersecurity for the GC Community
Tom Becker, Senior Managing Director, US Crisis Communication outlines the first steps a GC needs to take when a crisis occurs, and how to use a crisis to improve a company.
How a GC Can Turn a Challenge Into an Opportunity
Most companies are going to be hit by a major event at some point. Rachel Rosenblatt, Senior Managing Director, Strategic Communications, explains why long-term thinking should guide short-term actions.
Considering Your Response
Rachel Rosenblatt, Senior Managing Director, Strategic Communications, on why the GC needs to think beyond the traditional legal team when a crisis hits.
Considerations for the GC
Anthony J. Ferrante, Global Head of Cybersecurity and Former Director for Cyber Incident Response at the National Security Council at the White House, on why General Counsel should engage with external cybersecurity experts.
Why GCs Should Engage with External Cybersecurity Experts
Jordan Rae Kelly, Senior Managing Director, Head of Cybersecurity, Americas, discusses why GCs need to prepare for a cybersecurity incident.
Steps GCs Can Take to Be Smart on Cybersecurity
Meredith Griffanti, Strategic Communications Global Head of Cybersecurity & Data Privacy Communications, outlines why the General Counsel is pivotal in an incident response situation.
Data Privacy & Cybersecurity for the GC Community
Case Studies
Wells Fargo
Microsoft & Activision
Colonial Pipeline
Hertz
Madoff Recovery
Select a Case Study
Microsoft & Activision
Colonial Pipeline
Hertz
Madoff Recovery
Wells Fargo
Our Role
The Impact
In 2022, Colonial Pipeline received the Silver Anvil Award of Excellence from the Public Relations Society of America for its communications response to the ransomware attack and navigating a national crisis.
Compass Lexecon was engaged to provide economic analysis and expert testimony on the deal’s impact on competition and procompetitive efficiencies in the gaming industry.
Compass Lexecon expert, Professor Dennis W. Carlton, testified before the federal court that the FTC expert’s economic analysis was flawed, relied on unsupported assumptions, and failed to show that the transaction would lead to unfair competition and foreclosure of Activision Blizzard’s content from Microsoft rivals.
Compass Lexecon’s economic analysis and expert testimony identified deal-specific benefits, including expanded access to Activision Blizzard’s gaming content, lower costs for gamers and increased incentives for investment in game development.
Our Role
In December 2022, the U.S. Federal Trade Commission (“FTC”) filed a complaint in the federal court in California to halt Microsoft’s acquisition of Activision Blizzard, citing antitrust concerns.
Situation
FTI Consulting subsidiary Compass Lexecon secures a landmark victory for clients Microsoft and Activision Blizzard, a leading game developer and publisher, in a highly contested vertical merger, the largest technology merger in history.
Microsoft and Activision Prevail in Landmark Merger Case
Microsoft & Activison
Case Study
3. The Impact
2. Our Role
1. Situation
Introduction
The FTC alleged that the deal would allow Xbox-maker Microsoft to suppress competition in the gaming industry and monopolize Activision Blizzard’s popular game titles such as World of Warcraft and Call of Duty. Microsoft and Activision Blizzard retained FTI Consulting subsidiary Compass Lexecon to respond to FTC’s complaint.
Overview
Process
Result
Judge Corley’s opinion relied on several recent challenges to vertical mergers where judges ruled for the defendants — United States of America v. AT&T Inc., DirecTV Group Holdings, LLC, and Time Warner Inc.; Federal Trade Commission v. Meta Platforms, Inc.; and the FTC ALJ opinion in In the Matter of Illumina, Inc. and Grail, Inc. — all of which are cases where Professor Carlton served as an economic expert for the merging parties.
Execution
Judge Corley repeatedly referenced Professor Carlton’s testimony in her opinion criticizing the FTC expert’s analysis and acknowledged several post-transaction benefits noted in Professor Carlton’s testimony.
Recommendations
Judge Jacqueline Scott Corley of the United States District Court for the Northern District of California denied the FTC’s request for a preliminary injunction, ruling that the FTC had failed to demonstrate that it would likely prevail in its claim that the proposed merger would substantially lessen competition and that, in contrast to the FTC’s claims, there would be more consumer access to Activision content following the merger. The U.S. Appeals Court for the 9th Circuit then denied the FTC’s appeal, thereby allowing the acquisition to close.
Diagnosis
The Impact
Hertz successfully de-fleeted approximately 200,000 vehicles, facilitating the repayment of USD$4.3 billion in debt principal and sold its Donlen business for approximately USD$875 million.
Execution
Hertz successfully negotiated many key aspects of its capital structure, including USD$1.65 billion in funds for general corporate purposes and critical fleet equity needs.
Recommendations
In June 2021, Hertz announced that it had successfully completed its Chapter 11 restructuring process and “emerged as a financially and operationally stronger company that is well-positioned for the future.”
Diagnosis
The Impact
FTI Consulting’s team of experts managed diligence activities and communications with financial and legal advisors and provided a temporary senior-level accounting resource, among other activities.
Result
FTI Consulting assisted with cash forecasting and liquidity management; oversaw vendor- and supplier-related matters; and prepared a quality-of-earnings report for the sale of Hertz’s Donlen subsidiary.
Process
FTI Consulting was engaged by Hertz to develop its Chapter 11 plan and support its domestic and international restructuring activities.
Leveraging its global footprint, FTI Consulting deployed more than 150 experts across the U.S., UK, Germany, France, Italy, Spain and Australia to support the engagement.
Overview
Our Role
Despite undertaking various liquidity initiatives, such as reducing vehicle purchase commitments, securing airport concession deferrals and abatements, and implementing furloughs and terminations, Hertz filed for Chapter 11 in May 2020.
Following the outbreak of COVID-19 and associated travel restrictions, Hertz experienced a severe decline in its global business and mounting liquidity demands, while its vehicle financing structure required significant monthly mark-to-market payments.
Situation
When COVID-19 put a pause on travel, Hertz was forced to file for bankruptcy to protect its business. In its moment of truth, Hertz enlisted FTI Consulting to support its global restructuring activity.
Hertz Gets Its Wheels Back in Motion
Hertz
Case Study
3. The Impact
2. Our Role
1. Situation
Introduction
Judge Corley’s opinion relied on several recent challenges to vertical mergers where judges ruled for the defendants — United States of America v. AT&T Inc., DirecTV Group Holdings, LLC, and Time Warner Inc.; Federal Trade Commission v. Meta Platforms, Inc.; and the FTC ALJ opinion in In the Matter of Illumina, Inc. and Grail, Inc. — all of which are cases where Professor Carlton served as an economic expert for the merging parties.
Execution
Recoveries from the Madoff Recovery Initiative far exceed similar efforts related to prior Ponzi schemes both in terms of dollar value and percentage of stolen funds recovered.³
Recommendations
FTI Consulting’s work allowed the Trustee to recover more than $14.5 billion to date, representing over 80% of the stolen funds.
Diagnosis
The Impact
With the Trustee, the teams investigated more than 16,500 claims, ultimately allowing more than 2,600.
Provided litigation support, including serving as expert witnesses, for more than 1,000 lawsuits, including two actions that reached the Supreme Court of the United States.
Result
The teams reconstructed books and records, determined amounts deposited and withdrawn from thousands of customer accounts and analyzed hundreds of millions of transactions.
Process
FTI Consulting was engaged by Irving Picard, the Trustee, and BakerHostetler, the Trustee’s counsel, to investigate the financial affairs, identify and analyze the massive amounts of financial documents and data, and provide forensic accounting analysis and expert testimony to help the Trustee recover the stolen funds.
Overview
Our Role
A Trustee under the Securities Investor Protection Act was appointed to liquidate Madoff’s firm and to recover the proceeds from his Ponzi scheme.²
In December 2008, Bernie Madoff admitted that the Investment Advisory business within his firm was a Ponzi scheme, setting off his arrest and a chain reaction of events throughout the financial services world and philanthropic communities.¹
Situation
Bernard Madoff's unprecedented fraud spanned decades and defrauded thousands of investors of approximately USD$20 billion.
Unwinding the World’s Largest Ponzi Scheme
Madoff Recovery
Case Study
3. The Impact
2. Our Role
1. Situation
Introduction
Wells Fargo has since regained most of its market capitalization (approximately $210 billion as of January 2022), and it remains one of the largest banks in the United States.
Execution
These reforms helped the bank avoid criminal prosecution and were referenced in its $3 billion settlement with the U.S. government in February 2020.
Recommendations
Wells Fargo’s Board of Directors report, with numerous citations to FTI Consulting’s work, was publicly issued and led to wide-ranging reforms of Wells Fargo’s internal practices.
Diagnosis
The Impact
As part of this investigation, the team met with dozens of attorneys, including Wells Fargo’s in-house counsel and several firms representing Wells Fargo. FTI Consulting’s professionals also presented findings and responded to requests from attorneys at numerous government agencies, including the SEC, civil and criminal divisions of the DOJ, and the California Attorney General’s office.
Result
Wells Fargo’s Board of Directors issued a report into Wells Fargo’s sales practices based on FTI Consulting’s and Shearman & Sterling’s findings. FTI Consulting conducted over 50 interviews and analyzed consumer bank data from millions of accounts to uncover underlying issues ranging from decentralized processes to poor corporate culture.
Process
Our forensic accounting and data analytics experts examined millions of records spread across multiple platforms, looking back a decade and a half for relevant data.
Overview
Our Role
Wells Fargo shocked the nation when it announced it had fired 5,300 employees over several years for creating millions of fake customer accounts in a cross-selling practice to meet extremely aggressive sales quotas. Decades of reputational and brand value quickly evaporated as Wells Fargo made headlines for the size and scope of the sales practices and the subsequent resignations of both its CEO and COO. FTI Consulting and Shearman & Sterling were retained by a special committee of Wells Fargo’s Board of Directors to conduct an independent investigation and give the Board of Directors more clarity on what happened and the actions to take going forward to restore credibility with impacted stakeholders.
Situation
Facing one of the largest instances of alleged customer fraud in U.S. banking history, Wells Fargo’s Board of Directors engaged FTI Consulting and global law firm Shearman & Sterling to conduct an independent investigation into how these alleged events occurred and help restore the bank’s reputation and enterprise value.
FTI Consulting Insights Help Wells Fargo Reform and Recover
Wells Fargo
Case Study
3. The Impact
2. Our Role
1. Situation
Introduction
Safeguarding through Crisis
Cybersecurity & Data Privacy
Access Event Replay
On June 15, 2023, FTI Consulting and WSJ Custom Events invited Deputy Attorney General Lisa Monaco to speak on the general counsel’s role as the bridge between regulators and the C-suite.
The New Regulatory Roadmap:
Lisa Monaco in Conversation with David Kline
View All General Counsel Insights
Read More
Cyber risks and threats related to advanced technologies such as artificial intelligence, blockchain, cryptocurrency and metaverse en...
The GC and ESG: From Great Risk Comes Great Opportunity
Read More
The first 48 hours of a corporate crisis presents a complex web of risk and challenges for the general counsel (GC).
Missteps the GC Should Avoid in the First 48 Hours of a Crisis
Read More
In-house counsel should coordinate inside leaders and outside advisors to respond to a crisis. But they also have a role in longer-term response.
More Than Mere Survival: The GC’s Role in Moving Beyond Crisis
Read More
Social and technological changes have elevated the amount of potential harm a rogue employee can do. Knowing the best approach to take can minimize the fallout and even mitigate future risks.
When the Black Swan Comes From Within
Read More
Regardless of scale, every company stands to experience a crisis sooner or later. The difference between survival and extincion often boils down to how effectively the company can react and how it handles the fallout.
Preparing for the Inevitable Black Swan
Meredith Griffanti, Strategic Communications Global Head of Cybersecurity & Data Privacy, Communications, explains what GCs should do after a crisis to strengthen their company's future preparedness.
The Role of the GC as "Crisis Commander"
Meredith Griffanti, Strategic Communications Global Head of Cybersecurity & Data Privacy, Communications, explains what GCs should do after a crisis to strengthen their company's future preparedness.
The Role of the GC as "Crisis Commander"
How do your cybersecurity and data privacy strategies stack up?
How do your cybersecurity and data privacy strategies stack up?
Managing and Guiding Communications
Meet an Expert
Share
Third-Party Security Risk
Third-Party Security Risk
Data Protection Regulations
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing & Guiding Communications
Select the topic that is top of mind for you, then tell us where you are on your journey to receive a personalized reading recommendation:
Managing and Guiding Communications
How do your cybersecurity and data privacy strategies stack up?
Share
Meet an Expert
Select a topic
Managing and Guiding Communications
Incident Response Plans
Third-Party Security Risk
Digital Risk
Data Protection Regulations
Data Protection Regulations
Digital Risk
I don't know
No
Yes
Yes
Ensure your playbook is ready for action.
As we have seen from many high-profile incidents, an organization is generally not criticized because a cybersecurity incident has occurred, but criticism is often levelled at the organization’s response. How an organisation chooses to respond can have significant reputational and financial implications which can sustain long after the cyber issue has been resolved.
Data Protection Regulations
Digital Risk
I don't know
No
Briefing on Cybersecurity Crisis Communications: Five Key Takeaways
As we have seen from many high-profile incidents, an organization is generally not criticized because a cybersecurity incident has occurred, but criticism is often levelled at the organization’s response. How an organisation chooses to respond can have significant reputational and financial implications which can sustain long after the cyber issue has been resolved.
Ensure your playbook is ready for action.
Yes
I don't know
What to Say to Your Stakeholders When You’ve Been Hacked (Hint: Don’t Say ‘Hacked’)
Having a comms process in place that mitigates reputational risk and keeps stakeholders informed is a critical first step. And that includes ensuring that your review and approvals process is streamlined. See how companies can strengthen their cybersecurity messaging and preparedness across a cyber event’s life cycle.
Prepared companies project confidence in moments of crisis.
No
Yes
Ransomware Investigation for Aviation Engineering Company
You cannot control if you will be the victim of a cyber attack or not, but you can control how to respond to one. Effective and tailored incident prevention measures can help preserve your corporate reputation, operations, critical assets and financial standing. Waiting until an incident has occurred to act is too late.
All organizations are vulnerable to cybersecurity risk.
I don't know
No
Yes
No
Ransomware Investigation for Aviation Engineering Company
You cannot control if you will be the victim of a cyber attack or not, but you can control how to respond to one. Effective and tailored incident prevention measures can help preserve your corporate reputation, operations, critical assets and financial standing. Waiting until an incident has occurred to act is too late.
All organizations are vulnerable to cybersecurity risk.
Answer 4
No
No
Yes
Ransomware Investigation for Aviation Engineering Company
You cannot control if you will be the victim of a cyber attack or not, but you can control how to respond to one. Effective and tailored incident prevention measures can help preserve your corporate reputation, operations, critical assets and financial standing. Waiting until an incident has occurred to act is too late.
All organizations are vulnerable to cybersecurity risk.
I don't know
No
Yes
Data Protection Regulations
Digital Risk
I don't know
What to Say to Your Stakeholders When You’ve Been Hacked (Hint: Don’t Say ‘Hacked’)
Having a comms process in place that mitigates reputational risk and keeps stakeholders informed is a critical first step. And that includes ensuring that your review and approvals process is streamlined. See how companies can strengthen their cybersecurity messaging and preparedness across a cyber event’s life cycle.
Prepared companies project confidence in moments of crisis.
No
Yes
Data Protection Regulations
Digital Risk
I don't know
No
Briefing on Cybersecurity Crisis Communications: Five Key Takeaways
As we have seen from many high-profile incidents, an organization is generally not criticized because a cybersecurity incident has occurred, but criticism is often levelled at the organization’s response. How an organisation chooses to respond can have significant reputational and financial implications which can sustain long after the cyber issue has been resolved.
Ensure your playbook is ready for action.
Yes
Data Protection Regulations
Answer 4
I don't know
No
Yes
Does your organization have a process for managing and guiding communications in the event of a cybersecurity incident?
Incident Response Plans
Data Protection Regulations
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing and Guiding Communications
Select a topic
How do your cybersecurity and data privacy strategies stack up?
Share
Meet an Expert
Ransomware Investigation for Aviation Engineering Company
You cannot control if you will be the victim of a cyber attack or not, but you can control how to respond to one. Effective and tailored incident prevention measures can help preserve your corporate reputation, operations, critical assets and financial standing. Waiting until an incident has occurred to act is too late.
All organizations are vulnerable to cybersecurity risk.
Answer 4
No
No
Yes
How Counsel Can Effectively Lead Data Breach Investigations
Legal professionals act as the interlocutor between disparate technical teams — from understanding cyber insurance policies to reporting to the appropriate regulatory authorities in multiple jurisdictions. This reliance on the general counsel inevitably places significant pressure on that individual to quickly gain control of complex and technical subject matter during a time that is already typified by an extreme lack of information.
GCs are increasingly positioned at the center of cyber incidents.
I don't know
No
Yes
Data Protection Regulations
Digital Risk
I don't know
Critical Data Breach Preparedness to Implement Now
According to the 2021 FTI Resilience Barometer, for the third year in a row, the number of G20 organizations affected by cyber attacks has increased – up to 78%. Despite this increase, organizations often have outdated incident response plans, creating a disjoined approach to mitigating risk and combatting threats.
Prepared companies project confidence in moments of crisis.
No
Yes
Data Protection Regulations
Digital Risk
I don't know
No
A Little Calm Goes a Long Way After a Cyber Attack
No matter how thorough your plan, collaboration is key, because the model for compliance and cybersecurity ties a variety of groups together to handle different situations. And there are a lot of elements after an attack that require cross-departmental organization, from IT to comms to your general counsel.
A well-crafted cyber readiness plan is critical. But that’s only the first step.
Yes
Data Protection Regulations
Answer 4
I don't know
No
Yes
Does your organization have regularly tested incident response plans that are specific to different types of incidents (e.g., insider threat, ransomware, business email compromise)?
Third-Party Security Risk
Data Protection Regulations
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing and Guiding Communications
Select a topic
How do your cybersecurity and data privacy strategies stack up?
Share
Meet an Expert
Ransomware Investigation for Aviation Engineering Company
You cannot control if you will be the victim of a cyber attack or not, but you can control how to respond to one. Effective and tailored incident prevention measures can help preserve your corporate reputation, operations, critical assets and financial standing. Waiting until an incident has occurred to act is too late.
All organizations are vulnerable to cybersecurity risk.
Answer 4
No
No
Very Confident
Investigation of Application Controls for a Global Financial Institution
Many organizations believe the answer to third-party cyber risk management is achieving compliance, but compliance alone does not address new threats. Cyber actors are constantly evolving and developing new attack methods, demonstrating the need for protections to also follow this more agile, evolutionary path. If you protect against what has already happened and fail to prepare for what is yet to come, you will forever be vulnerable.
GCs are expected to manage cyber risk, including from third parties.
Not Confident
Somewhat Confident
Very Confident
Data Protection Regulations
Digital Risk
Not Confident
Addressing Third-Party Cyber Risk: Moving Beyond a False Sense of Security
Third-party cyber risk is a unique issue in that while most organizations are aware of the significant threat it poses, many fail to implement an adequate risk mitigation strategy. The more third parties within an organization’s digital ecosystem, the more opportunities exist for oversight and for threat actors to exploit and steal or expose data. Organizations are unprepared, and there is a disconnect between having awareness of a problem and the ability to manage it.
Moving beyond a false sense of security
Somewhat Confident
Very Confident
Data Protection Regulations
Digital Risk
Not Confident
Somewhat Confident
10 Cyber Risks and Realities We’re Seeing This Year — And Beyond
Third-party cyber risk is just one of many threats that GCs need to consider. Opportunity is often the driving force behind cyber attacks. Threat actors know how to seize any moment and adjust their means of attack on the fly. An industry or organization not currently in the crosshairs of a threat actor can find itself there in a heartbeat. But by creating a cybersecurity program that’s based on readiness and resilience, GCs can help position organizations to handle a variety of cyber attack types.
The threat landscape is always changing.
Have you considered these risks?
Very Confident
Data Protection Regulations
Answer 4
Not Confident
Somewhat Confident
Very Confident
Does your organization have regularly tested incident response plans that are specific to different types of incidents (e.g., insider threat, ransomware, business email compromise)?
Digital Risk
Data Protection Regulations
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing and Guiding Communications
Select a topic
How do your cybersecurity and data privacy strategies stack up?
Share
Meet an Expert
Digital Risk
A New Era of Risk: Defining Digital Insights & Risk Management
You cannot control if you will be the victim of a cyber attack or not, but you can control how to respond to one. Effective and tailored incident prevention measures can help preserve your corporate reputation, operations, critical assets and fiGiven that the definition of digital risk is both broad and vague, it is perhaps unsurprising that ownership is also unclear. A wide range of titles are expected to manage digital risk, including chief technology officers, chief information security officers, chief information officers, chief risk officers, chief compliance officers and chief data officers.nancial standing. Waiting until an incident has occurred to act is too late.
Digital risk encompasses every aspect of how organizations collect, generate, use and store data.
Other/Don’t Know
Legal
Information Technology
Compliance & Risk
Other/Don’t Know
Building Effective Cybersecurity Governance
Today’s general counsel must find a way a way to manage risk and compliance, while ensuring efficient and cost-effective operations across their departments.
An intense digital risk landscape has placed complex demands on leagl teams
Legal
Information Technology
Compliance & Risk
Data Protection Regulations
Other/Don’t Know
Legal
Nine Tips to Achieve Secure IT Infrastructure
Everything in business today involves data or creates implications for it. And as data has become the foundation for modern commerce and communication, digital risk has quite rapidly surpassed all other areas of corporate risk as not just a major concern, but as the major concern,
IT is a critical first line of defense against privaty and security risks.
Information Technology
Compliance & Risk
Data Protection Regulations
Other/Don’t Know
Legal
Information Technology
A New Era of Risk: Defining Digital Insights & Risk Management
Regulatory inquiries, litigation and data subject access requests could cripple business operations logistically, financially and reputationally if organizations aren’t prepared to manage them.
Risks from unprecedented data isues have become the new imperative.
Compliance & Risk
Data Protection Regulations
Other/Don’t Know
Legal
Information Technology
Compliance & Risk
What department owns digital risk in your organization?
Data Protection Regulations
Data Protection Regulations
Digital Risk
Third-Party Security Risk
Incident Response Plans
Managing and Guiding Communications
Select a topic
How do your cybersecurity and data privacy strategies stack up?
Share
Meet an Expert
FTI Consulting and Shearman & Sterling were retained by a special committee of Wells Fargo’s Board of Directors to conduct an independent investigation and give the Board of Directors more clarity on what happened and the actions to take going forward to restore credibility with impacted stakeholders.
¹ Securities and Exchange Commission v. Bernard L. Madoff, U.S. District Court S.D.N.Y. (Dec. 11, 2008).
² Securities and Exchange Commission v. Bernard L. Madoff, U.S. District Court S.D.N.Y. (Dec. 15, 2008).
¹ Aaron Katersky, “More funds recovered for victims of Bernie Madoff,” ABC News web site (Dec. 9, 2022).
¹ Securities and Exchange Commission v. Bernard L. Madoff, U.S. District Court S.D.N.Y. (Dec. 11, 2008).
² Securities and Exchange Commission v. Bernard L. Madoff, U.S. District Court S.D.N.Y. (Dec. 15, 2008).
¹ Aaron Katersky, “More funds recovered for victims of Bernie Madoff,” ABC News web site (Dec. 9, 2022).
Luckin Coffee
Execution
Luckin Coffee was delisted from Nasdaq and agreed to pay a USD$180 million penalty to the U.S. Securities and Exchange Commission³ in addition to reaching a USD$175 million settlement of shareholder class action claims.⁴
Recommendations
Documentary evidence confirmed that Luckin Coffee’s Chief Executive Officer, Chief Operating Officer and certain employees reporting to them actively participated in the creation of the fabricated transactions and attempts to hide them. Their employment was ultimately terminated.²
The Special Committee, Kirkland & Ellis and FTI Consulting were able to establish that the fabrication of transactions commenced in April 2019, and as a result Luckin Coffee’s net revenue was overstated by approximately RMB2.12 billion.¹
Diagnosis
The Impact
Over the course of the Investigation, the Special Committee, Kirkland & Ellis and FTI Consulting reviewed over 550,000 documents collected from over 60 custodians, interviewed over 60 witnesses, and performed extensive forensic accounting and data analytics testing.¹
Data & Analytics
Investigations & Monitorships
TBC
E-Discovery & Managed Review
TBC
Our Role
Data Privacy
Our Role
Luckin Coffee continued to grow rapidly and expanded to more than 4,000 stores by 2020.
Luckin Coffee promoted itself as a technology-based domestic rival to Starbucks, bringing different business models and concepts to the coffee chain industry. After its maiden fundraising round the startup was valued at US$1billion making it one of the quickest firms to reach ‘unicorn’ status in China.¹
Situation
When short-sellers alleged Luckin Coffee Inc., a US listed China-based company founded in 2017, of accounting fraud and employee misconduct, discredited public disclosures and questioned the overall health of the business, FTI Consulting was engaged by a Special Committee of the Board of Directors of Luckin Coffee as an independent forensic accounting expert to assist in an independent investigation into the allegations.¹
Trouble Brewing: Helping Luckin Coffee Uncover Fraud
Luckin Coffee
Case Study
3. The Impact
2. Our Role
1. Situation
Introduction
Luckin Coffee was delisted from Nasdaq and agreed to pay a USD$180 million penalty to the U.S. Securities and Exchange Commission³ in addition to reaching a USD$175 million settlement of shareholder class action claims.⁴
Documentary evidence confirmed that Luckin Coffee’s Chief Executive Officer, Chief Operating Officer and certain employees reporting to them actively participated in the creation of the fabricated transactions and attempts to hide them. Their employment was ultimately terminated.²
The Special Committee, Kirkland & Ellis and FTI Consulting were able to establish that the fabrication of transactions commenced in April 2019, and as a result Luckin Coffee’s net revenue was overstated by approximately RMB2.12 billion.¹
The Impact
E-Discovery & Managed Review
Investigations & Monitorships
Over the course of the Investigation, the Special Committee, Kirkland & Ellis and FTI Consulting reviewed over 550,000 documents collected from over 60 custodians, interviewed over 60 witnesses, and performed extensive forensic accounting and data analytics testing.¹
Data & Analytics
Our Role
Situation
When short-sellers alleged Luckin Coffee Inc., a US listed China-based company founded in 2017, of accounting fraud and employee misconduct, discredited public disclosures and questioned the overall health of the business, FTI Consulting was engaged by a Special Committee of the Board of Directors of Luckin Coffee as an independent forensic accounting expert to assist in an independent investigation into the allegations.¹
Trouble Brewing: Helping Luckin Coffee Uncover Fraud
Luckin Coffee
Case Study
3. The Impact
2. Our Role
1. Situation
Introduction
Luckin Coffee
Luckin Coffee
Luckin Coffee was delisted from Nasdaq and agreed to pay a USD$180 million penalty to the U.S. Securities and Exchange Commission³ in addition to reaching a USD$175 million settlement of shareholder class action claims.⁴
Execution
Documentary evidence confirmed that Luckin Coffee’s Chief Executive Officer, Chief Operating Officer and certain employees reporting to them actively participated in the creation of the fabricated transactions and attempts to hide them. Their employment was ultimately terminated.²
Recommendations
The Special Committee, Kirkland & Ellis and FTI Consulting were able to establish that the fabrication of transactions commenced in April 2019, and as a result Luckin Coffee’s net revenue was overstated by approximately RMB2.12 billion.¹
Diagnosis
The Impact
Over the course of the Investigation, the Special Committee, Kirkland & Ellis and FTI Consulting reviewed over 550,000 documents collected from over 60 custodians, interviewed over 60 witnesses, and performed extensive forensic accounting and data analytics testing.¹
Data & Analytics
Our Role
Luckin Coffee promoted itself as a technology-based domestic rival to Starbucks, bringing different business models and concepts to the coffee chain industry. After its maiden fundraising round the startup was valued at US$1billion making it one of the quickest firms to reach ‘unicorn’ status in China.¹
Luckin Coffee continued to grow rapidly and expanded to more than 4,000 stores by 2020.
An anonymous short-selling report cited by Muddy Waters alleged that Luckin Coffee was involved in an elaborate accounting fraud.² Luckin Coffee’s Board of Directors formed a Special Committee to undertake an independent investigation of the allegations. The Special Committee engaged Kirkland & Ellis as its legal advisor and FTI Consulting as its independent forensic accounting expert.³
Situation
When short-sellers alleged Luckin Coffee Inc., a US listed China-based company founded in 2017, of accounting fraud and employee misconduct, discredited public disclosures and questioned the overall health of the business, FTI Consulting was engaged by a Special Committee of the Board of Directors of Luckin Coffee as an independent forensic accounting expert to assist in an independent investigation into the allegations.¹
Trouble Brewing: Helping Luckin Coffee Uncover Fraud
Luckin Coffee
Case Study
The Impact
Our Role
Situation
Introduction
Luckin Coffee
Luckin Coffee
¹ Luckin Coffee Announces Formation of Independent Special Committee and Provides Certain Information Related to Ongoing Internal Investigation
An anonymous short-selling report cited by Muddy Waters alleged that Luckin Coffee was involved in an elaborate accounting fraud.² Luckin Coffee’s Board of Directors formed a Special Committee to undertake an independent investigation of the allegations. The Special Committee engaged Kirkland & Ellis as its legal advisor and FTI Consulting as its independent forensic accounting expert.³
¹ Luckin Coffee's journey from hot startup to $5billion share wipeout
² Luckin Coffee's journey from hot startup to $5billion share wipeout
³ Luckin Coffee Announces Formation of Independent Special Committee and Provides Certain Information Related to Ongoing Internal Investigation
¹ Luckin Announces the Substantial Completion of the Internal Investigation
¹ Luckin Announces the Substantial Completion of the Internal Investigation
² Luckin Announces the Substantial Completion of the Internal Investigation
³ https://www.sec.gov/news/press-release/2020-319
⁴ Luckin Coffee in $175 million class action settlement over accounting fraud
¹ Luckin Coffee Announces Formation of Independent Special Committee and Provides Certain Information Related to Ongoing Internal Investigation
An anonymous short-selling report cited by Muddy Waters alleged that Luckin Coffee was involved in an elaborate accounting fraud.² Luckin Coffee’s Board of Directors formed a Special Committee to undertake an independent investigation of the allegations. The Special Committee engaged Kirkland & Ellis as its legal advisor and FTI Consulting as its independent forensic accounting expert.³
Luckin Coffee promoted itself as a technology-based domestic rival to Starbucks, bringing different business models and concepts to the coffee chain industry. After its maiden fundraising round the startup was valued at US$1billion making it one of the quickest firms to reach ‘unicorn’ status in China.¹
Luckin Coffee continued to grow rapidly and expanded to more than 4,000 stores by 2020.
¹ Luckin Coffee's journey from hot startup to $5billion share wipeout
² Luckin Coffee's journey from hot startup to $5billion share wipeout
³ Luckin Coffee Announces Formation of Independent Special Committee and Provides Certain Information Related to Ongoing Internal Investigation
¹ Luckin Announces the Substantial Completion of the Internal Investigation
¹ Luckin Announces the Substantial Completion of the Internal Investigation
² Luckin Announces the Substantial Completion of the Internal Investigation
³ https://www.sec.gov/news/press-release/2020-319
⁴ Luckin Coffee in $175 million class action settlement over accounting fraud
¹ Securities and Exchange Commission v. Bernard L. Madoff, U.S. District Court S.D.N.Y. (Dec. 11, 2008).
² Securities and Exchange Commission v. Bernard L. Madoff, U.S. District Court S.D.N.Y. (Dec. 15, 2008).
³ Aaron Katersky, “More funds recovered for victims of Bernie Madoff,” ABC News web site (Dec. 9, 2022).
¹ Luckin Coffee Announces Formation of Independent Special Committee and Provides Certain Information Related to Ongoing Internal Investigation
¹ Luckin Coffee's journey from hot startup to $5billion share wipeout
² Luckin Coffee's journey from hot startup to $5billion share wipeout
³ Luckin Coffee Announces Formation of Independent Special Committee and Provides Certain Information Related to Ongoing Internal Investigation
¹ Luckin Announces the Substantial Completion of the Internal Investigation
¹ Luckin Announces the Substantial Completion of the Internal Investigation
² Luckin Announces the Substantial Completion of the Internal Investigation
³ https://www.sec.gov/news/press-release/2020-319
⁴ Luckin Coffee in $175 million class action settlement over accounting fraud
White Collar Crime
Read More
While corporations are beefing up governance and internal controls to comply with the Foreign Corrupt Practices Act and mitigate bribery activity, many of the processes are still manual, onerous and inefficient.
How Can Artificial Intelligence Help Tackle Bribery Payments?
Read More
The general counsel (“GC”) is no stranger to the problem of white-collar crime. The stakes have risen as rapidly evolving technology such as artificial intelligence (“AI”), digital assets and the virtual world...
Future-Proofing White-Collar Crime Defenses
Read More
The ever-growing catalog of sanctions from federal agencies can trip up any organization. Even the most diligent companies can go astray.
Watch Out for These ‘Hidden’ Sanctions Traps
Read More
The Department of Justice is pushing companies to police themselves, voluntarily report misconduct and improve compliance programs. The silver lining? Companies that implement strong compliance progra...
Carrots and Sticks: Understanding the DOJ’s New Voluntary Self-Disclosure Policy
The Expert Briefing with FTI Cybersecurity
Read More
European and UK regulators are increasingly focusing on the financial crime risks within the payments sector.
All of these call on payments institutions, electronic money institutions (“EMIs”) and registered account informational service providers to do more to protect customers’ funds and the integrity of the financial system.
Payment Firms Under the Microscope – Do Your Financial Crime Controls Stand Up to Regulatory Scrutiny?
View All General Counsel Insights
Simon Onyons, Managing Director, Cybersecurity, on the new cyber regulatory landscape and what general counsel and risk and compliance teams need to do to meet evolving and fragmented regulatory requirements across a range of different geographies.
Cybersecurity Regulation
FTI Consulting Senior Advisor Matthew Layton discusses the main themes at the World Economic Forum through the General Counsel lens.
How Global Issues Impact the Modern GC
Steve McNew, Senior Managing Director, Global Leader of Blockchain and Digital Assets, on why expert testimony is required so often in crypto investigations, and what outside counsel should look for in lead investigators.
Expert Services:
Crypto Investigations
Brian Kennedy, Senior Managing Director, Head of Americas Strategic Communications, sheds light on the core principles common to the companies who get it right when crises hit.
The Fallacy of the Black Swan Event:
Principles to Help You Prepare for the Unexpected
Simon Onyons, Managing Director, Cybersecurity, on the new cyber regulatory landscape and what general counsel and risk and compliance teams need to do to meet evolving and fragmented regulatory requirements across a range of different geographies.
Cybersecurity Regulation
Jordan Rae Kelly, Senior Managing Director, Head of Cybersecurity, Americas, discusses why GCs need to prepare for a cybersecurity incident.
Steps GCs Can Take to Be Smart on Cybersecurity
White Collar Crime
White Collar Crime
View All General Counsel Insights
Read More
As ESG standards evolve, so too does the role of the general counsel, with many already in charge of identifying and tracking certain corporate ESG performance metrics.
How Can Artificial Intelligence Help Tackle Bribery Payments?
Read More
The general counsel (“GC”) is no stranger to the problem of white-collar crime. The stakes have risen as rapidly evolving technology such as artificial intelligence (“AI”), digital assets and the virtual world have introduced new methods of...
Future-Proofing White-Collar Crime Defenses
Read More
The ever-growing catalog of sanctions from federal agencies can trip up any organization. Even the most diligent companies can go astray.
Watch Out for These ‘Hidden’ Sanctions Traps
Read More
The Department of Justice is pushing companies to police themselves, voluntarily report misconduct and improve compliance programs. The silver lining? Companies that implement str...
Carrots and Sticks: Understanding the DOJ’s New Voluntary Self-Disclosure Policy
Read More
Social and technological changes have elevated the amount of potential harm a rogue employee can do. Knowing the best approach to take can minimize the fallout and even mitigate future risks.
Payment Firms Under the Microscope – Do Your Financial Crime Controls Stand Up to Regulatory Scrutiny?
Steve McNew, Senior Managing Director, Global Leader of Blockchain and Digital Assets, on why expert testimony is required so often in crypto investigations, and what outside counsel should look for in lead investigators.
Expert Services: Crypto Investigations
White Collar Crime
View All General Counsel Insights
Read More
As ESG standards evolve, so too does the role of the general counsel, with many already in charge of identifying and tracking certain corporate ESG performance metrics.
How Can Artificial Intelligence Help Tackle Bribery Payments?
Read More
The general counsel (“GC”) is no stranger to the problem of white-collar crime. The stakes have risen as rapidly evolving technology such as artificial intelligence (“AI”), digital assets and the virtual world have introduced new methods of...
Future-Proofing White-Collar Crime Defenses
Read More
The ever-growing catalog of sanctions from federal agencies can trip up any organization. Even the most diligent companies can go astray.
Watch Out for These ‘Hidden’ Sanctions Traps
Read More
The Department of Justice is pushing companies to police themselves, voluntarily report misconduct and improve compliance programs. The silver lining? Companies that implement strong compliance programs and proactively r...
Carrots and Sticks: Understanding the DOJ’s New Voluntary Self-Disclosure Policy
Read More
European and UK regulators are increasingly focusing on the financial crime risks within the payments sector. All of these call on payments institutions, electronic money institutions (“EM...
Payment Firms Under the Microscope – Do Your Financial Crime Controls Stand Up to Regulatory Scrutiny?
All Awards
Steve McNew, Senior Managing Director, Global Leader of Blockchain and Digital Assets, on why expert testimony is required so often in crypto investigations, and what outside counsel should look for in lead investigators.
Expert Services:
Crypto Investigations
Meredith Griffanti, Strategic Communications Global Head of Cybersecurity & Data Privacy Communications, outlines why the General Counsel is pivotal in an incident response situation.
Data Privacy & Cybersecurity for the GC Community
Anthony J. Ferrante, Global Head of Cybersecurity and Former Director for Cyber Incident Response at the National Security Council at the White House, on why General Counsel should engage with external cybersecurity experts.
Why GCs Should Engage with External Cybersecurity Experts
Jordan Rae Kelly, Senior Managing Director, Head of Cybersecurity, Americas, discusses why GCs need to prepare for a cybersecurity incident.
Steps GCs Can Take to Be Smart on Cybersecurity
Jordan Rae Kelly, Senior Managing Director, Head of Cybersecurity, Americas, discusses why GCs need to prepare for a cybersecurity incident.
Steps GCs Can Take to Be Smart on Cybersecurity
Mike Driscoll, Senior Managing Director, Cybersecurity, on the tools, methods and technology that are changing the nature of white-collar fraud — and how companies can get ahead of the challenge to maintain a secure environment.
Cybersecurity and White-Collar Crime
Mike Driscoll, Senior Managing Director, Cybersecurity, on the tools, methods and technology that are changing the nature of white-collar fraud — and how companies can get ahead of the challenge to maintain a secure environment.
Cybersecurity and White-Collar Crime
Simon Onyons, Managing Director, Cybersecurity, on the new cyber regulatory landscape and what general counsel and risk and compliance teams need to do to meet evolving and fragmented regulatory requirements across a range of different geographies.
Cybersecurity Regulation
Jordan Rae Kelly, Senior Managing Director, Head of Cybersecurity, Americas, discusses why GCs need to prepare for a cybersecurity incident.
Steps GCs Can Take to Be Smart on Cybersecurity
Anthony J. Ferrante, Global Head of Cybersecurity and Former Director for Cyber Incident Response at the National Security Council at the White House, on why General Counsel should engage with external cybersecurity experts.
Why GCs Should Engage with External Cybersecurity Experts
Meredith Griffanti, Strategic Communications Global Head of Cybersecurity & Data Privacy Communications, outlines why the General Counsel is pivotal in an incident response situation.
Data Privacy & Cybersecurity for the GC Community