image description

Nicole Friedlander


Nicole Friedlander

New York +1-212-558-4332 +1-212-558-4332 +1-212-558-3588+1-212-558-3588
[email protected]
Nicole Friedlander is a partner in Sullivan & Cromwell’s Criminal Defense and Investigations Group and co-head of its Cybersecurity Practice. Ms. Friedlander represents clients in complex internal investigations, regulatory enforcement proceedings and criminal matters involving every aspect of white-collar crime, including fraud, FCPA, insider trading, theft of trade secrets, money laundering and tax matters. Ms. Friedlander also advises major corporations and Boards of Directors in cybersecurity planning and incident response. She currently serves as co-chair of the New York Chapter of the Women’s White Collar Defense Association and as a member of the New York City Bar Association’s White Collar Crime Committee. Ms. Friedlander has been ranked by Chambers USA 2021 for White-Collar Crime & Government Investigations, where sources praised her “impress[ive] facility and judgment,” her ability to “quietly command[] the room with her skilled preparation,” and her standout trial skills (“She is so good in court.”).

Ms. Friedlander joined the Firm in 2016 from the United States Attorney’s Office for the Southern District of New York, where she was Chief of the Complex Frauds and Cybercrime Unit, and served for over eight years. In white-collar, among a wide range of cases, Ms. Friedlander led major prosecutions of offshore banks for facilitating tax evasion; secured one of the largest-ever FCPA resolutions; led cutting edge prosecutions of virtual currency exchangers for money laundering and Bank Secrecy Act violations; and brought a groundbreaking racketeering case against the owner of multibillion-dollar payday lending companies. In cybersecurity, Ms. Friedlander led the successful investigation of the largest-ever cyber theft of customer data from a U.S. financial institution; oversaw the indictment of Iranian state-sponsored hackers for coordinating cyberattacks on 46 financial institutions; and prosecuted a Russian national for hacking U.S. banks in a case the FBI named one of its top ten of the year. Ms. Friedlander was also a part of the litigation team that challenged an internet services provider to comply with a warrant, leading to Congress’ passage of the CLOUD Act.

During her tenure at the U.S. Attorney’s Office, Ms. Friedlander also successfully tried numerous federal criminal cases and briefed and argued appeals before the U.S. Court of Appeals for the Second Circuit.

Selected Rankings and Recognitions
  • Recognized as a leader by Chambers USA in White-Collar Crime & Government Investigations (2021)
  • Named to Cybersecurity Docket’s “Incident Response 30” (2019) and “Incident Response 40” (2021)
  • Named to Global Investigations Review’s Top 100 Women in Investigations worldwide (2018)
  • Named a Rising Star by The New York Law Journal (2016)
  • Recipient of National Association of Former U.S. Attorneys' Exceptional Service Award (2015)
  • Recipient of Federal Executive Board's Distinguished Teamwork Award (2013)
  • Named Federal Law Enforcement Foundation's “Prosecutor of the Year” (2012)
Recent Speaking Engagements and Events
  • “FCPA, Sanctions and Anti-Money Laundering” (PLI’s Doing Business in and with Emerging Markets 2021, June 7, 2021)
  • ​“Working With the Regulator” (Journal of Law and Cyber Warfare Conference, November 19, 2020)
  • “Secrets Protection, Enforcement, and Litigation” (Sandpiper Partners webinar, November 17, 2020)
  • “Confronting Cybersecurity and Data Privacy Challenges in Times of Unprecedented Change” (New York University School of Law’s Program on Corporate Compliance and Enforcement, October 14, 2020)
  • “Cross-Border Regulatory and Enforcement Perspectives” (Sandpiper Partners Modernization of Canadian Privacy and Cybersecurity Framework conference, October 1, 2020)
  • “The Global Threat of Cyberwarfare: From Work at Home to Infrastructure and Election Insecurity” (WomenCorporateDirectors 2020 Virtual Global Institute, September 9, 2020)
  • “Cybersecurity Guidelines for Regulatory Agencies” (Thomson Reuters the Global Cyber Institute webinar, July 14, 2020)
  • “FCPA, Sanctions and Anti-Money Laundering” (PLI’s Doing Business in and with Emerging Markets 2020, June 1, 2020)
  • “Business Email Compromises” (Incident Response Forum 2020, April 14, 2020)
  • “What Will it Take to Become Cyber Resilient?” (RANE Risk Management Summit, April 3, 2019)
  • “Global Enforcement Trends” (New York City Bar’s International White Collar Crime Symposium, December 3, 2019)
  • “Into the Breach: Dealing with Law Enforcement and Counsel in a Cyber-Crisis” (RSA Conference, March 6, 2019)
  • “Former White Collar Defendants Speak” (New York City Bar’s 7th Annual White Collar Crime Institute, May 9, 2018)
  • Keynote with Brian Krebs (Legaltech 2018, January 30, 2018)
  • “What Makes a Hacker? Two Cyber Experts Explain” (Fortune, July 26, 2017)
  • “Responding to Emerging Threats in Cybersecurity” (Sullivan & Cromwell and the Harvard Law School Women’s Alliance (HLSWA), July 13, 2017)
  • “Commencing the Internal Investigation: Considerations at the Outset” (PLI’s Internal Investigations 2017, June 19, 2017)
  • “Managing Risks in the Current and Emerging Threat Landscape” (New York Bankers Association, May 16, 2017)
  • “Cybersecurity Issues for Boards of Directors: The Geography of Future Markets” (Women Corporate Directors 2017 Global Institute, May 10, 2017)
  • “Maximizing Leniency in Government FCPA Investigations” (PLI’s The Foreign Corrupt Practices Act and International Anti-Corruption Developments, April 25, 2017)
  • “Cross-Border Cybersecurity Threats” (Harvard Law School, April 21, 2017)


  • Represented Goldman Sachs in reaching coordinated resolutions in multiple criminal and regulatory investigations in jurisdictions around the world relating to an alleged multi-billion dollar money laundering and corruption scheme involving the Malaysia sovereign development company, 1MDB, and senior public officials in Malaysia and the United Arab Emirates, including a deferred prosecution agreement with the DOJ and resolutions with the government of Malaysia, the SEC, Federal Reserve, New York DFS, and regulators in the UK, Hong Kong and Singapore.
  • Represented Wells Fargo in resolving multiple criminal and regulatory investigations, including by the DOJ, the SEC and a multi-state working group of attorneys general, as well as in civil litigation, related to Wells Fargo’s sales practices.
  • Represents a U.S. financial institution in DOJ, bank regulatory and internal investigations into potential AML and Bank Secrecy Act violations arising from payments that flowed through the bank in connection with the FIFA and Petrobras bribery schemes.
  • Represents a global financial institution in DOJ and bank regulatory investigations into billions of dollars in payments processed in violation of U.S. sanctions laws.
  • Conducted an internal investigation for a multinational company concerning price-fixing in a U.S. auction market.
  • Conducted an internal investigation for a multinational company concerning potential cross-border tax violations and tax evasion.
  • Represented senior executives of a global financial institution in a bank regulatory investigation concerning potential diligence and oversight failures regarding problematic transactions. The regulator declined to take action against them.
  • Represented Popular in responding to a criminal cyber breach of company systems, including on state privacy issues, nationwide customer notification, and coordinating with their prudential banking regulator.
  • Represented Scottrade with respect to the exposure of unencrypted files containing customers’ personal data, including on state privacy law issues and nationwide customer notification.
  • Represented a financial institution in responding to law enforcement notification of a potential breach of its network by a hostile nation-state.
  • Represented a technology company in responding to the cyber theft of its source code, including notification to millions of customers, coordination with law enforcement, and conducting an internal investigation.
  • Advised multiple acquirers, and their financial advisors, engaging in M&A transactions in which significant data breaches were discovered at the target within days or hours of closing. All deals were successfully completed.
  • Advising a retailer in connection with a cybersecurity breach at its third-party e-commerce platform.
  • Advised a global financial services firm that lost funds to criminals overseas in a cyber-fraud scheme, including working with U.S. and foreign law enforcement, and tracing and instituting actions to freeze and recover the stolen funds. We successfully recovered millions of dollars for our client in weeks.
  • Represented a public company in an SEC investigation concerning a potential data breach.
  • Represented a financial institution in an investigation and in responding to an inquiry by the New York DFS and foreign law enforcement regarding a cybersecurity breach at a client that resulted in the loss of millions of dollars in customer funds.
  • Represents numerous financial institutions, hedge funds and global companies as standing outside cyber counsel.
  • Advises numerous financial institutions and other companies, including senior management and boards of directors, on cyber governance responsibilities and best practices, and on the coordination and implementation of cybersecurity “tabletop exercises.”
  • Represented numerous public companies in responding to ransomware attacks and cyber extortion schemes.
  • Advised a major investment fund in recovering funds lost in a cyber-fraud phishing scheme. As a result of our quick work and coordination with U.S. authorities, the client recovered the entirety of the $1.2 million it lost.
  • Advised a public company regarding a potential state-sponsored cybersecurity breach of its systems, including coordinating with federal law enforcement and intelligence agencies.
  • Advised a public company retailer regarding a potential cybercriminal compromise of its payment processing platform resulting in unauthorized charges on customers’ credit cards.
  • Advised the owners of a privately held company in responding to a cyber-fraud, as a result of which the client successfully recovered nearly $20 million transferred to Hong Kong without authorization.
  • Advised a public technology company that received ransom demands to prevent hackers from publicly disclosing stolen company data, and lead the investigation into the theft of that data.
  • Advised a public company that was targeted in “brute force” cyber attacks by a party seeking to obtain information for its advantage in potential litigation, as a result of which the party abandoned the threatened litigation.