John Lightbourne

Firm/Organization: Cleary Gottlieb Steen & Hamilton LLP

Blogs: Cleary Cybersecurity and Privacy Watch, Cleary Enforcement Watch, Cleary FinTech Update

Latest Articles

SEC Provides Second No-Action Letter in the Digital Asset Space

By Colin D. Lloyd & John Lightbourne on July 31, 2019

On July 25, 2019, staff of the Securities and Exchange Commission (“SEC”) granted its second no-action letter in the digital asset space to Pocketful of Quarters, Inc. (“POQ”), permitting POQ to sell digital tokens (“Quarters”) recorded on the Ethereum blockchain without satisfying registration requirements under the Securities Act of 1933 and the Securities Exchange Act of 1934 (the “Acts”). Like the SEC’s prior no-action letter to TurnKey Jet, Inc. (“TKJ”), which permitted TKJ to sell…

Cleary FinTech Update

Federal District Court Rules OCC Lacks Authority to Issue FinTech Charters

By Michael H. Krimminger, Patrick Fuller & John Lightbourne on May 9, 2019

On May 2, 2019, a court in the Southern District of New York (“SDNY”) held that the Office of the Comptroller of the Currency (“OCC”) lacked the statutory authority to charter nondepository special purpose national banks (the so-called “FinTech Charter”). In denying, with one exception, the OCC’s motions to dismiss claims by New York’s Department of Financial Services (“DFS”), the Court held that the OCC could not charter a nondepository “national bank” because the National…

Cleary FinTech Update

The Conference of State Banking Supervisors Seeks to Improve Consistency of FinTech Regulation, but Questions Remain

By Michael H. Krimminger, Patrick Fuller & John Lightbourne on March 22, 2019

The United States offers an innovative and diverse marketplace along with a sound infrastructure for new cryptocurrency and digital asset businesses. However, the U.S. regulatory framework for digital asset businesses creates significant barriers to innovation and risks frittering away the potential benefits of the U.S. markets’ creativity. One of the chief challenges for today’s cryptocurrency businesses, especially those offering exchange, trading, or custody services, is the fragmented and inconsistent state law framework currently applied to…

Cleary FinTech Update

SEC Seeks Comments on Key Issues Around Custody of Digital Assets

By Michael H. Krimminger, Colin D. Lloyd, Patrick Fuller, Jim Wintering & John Lightbourne on March 19, 2019

On March 12, the SEC’s Division of Investment Management (“Division”) published a letter from Paul G. Cellupica, Deputy Director and Chief Counsel of the Division, to Karen Barr, President and CEO of the Investment Advisor Association, laying out a number of issues under Rule 206(4)-2 (the “Custody Rule”). The letter included a request for information on possible revisions to the Custody Rule under the Investment Advisers Act of 1940 focused on a series of open-ended…

Cleary FinTech Update

The SEC Announces First Enforcement Actions Against Robo-Advisors

By Michael H. Krimminger, Robin M. Bergen, Colin D. Lloyd & John Lightbourne on January 4, 2019

On December 21, 2018, the Securities and Exchange Commission (SEC) announced settlements with two robo-advisors, Wealthfront Advisers LLC (Wealthfront) and Hedgeable Inc. (Hedgeable), for making false statements about investment products and engaging in misleading advertising in violation of the Investment Advisors Act of 1940 (Act). These settlements mark the SEC’s first enforcement actions against robo-advisors and serve as a reminder that, although technology may change how an investment adviser operates, the SEC expects full compliance…

Cleary Cybersecurity and Privacy Watch

New Mandatory Data Breach Reporting Requirements Become Effective for Companies Doing Business in Canada

By Alexis Collins, Adam Motiwala & John Lightbourne on November 12, 2018

On November 1, 2018, the Canadian Digital Privacy Act came into effect. The Act, passed on June 18, 2015, modified the data breach obligations for companies subject to the Personal Information Protection and Electronic Documents Act (“PIPEDA”) by introducing three new requirements in the event of certain data breaches: reporting to the Canadian Office of the Privacy Commissioner (“OPC”), notification to the affected individuals, and recordkeeping obligations. Below, we discuss these requirements and recent guidance…

Cleary Enforcement Watch

The U.S. Department of Health And Human Services Settles With Anthem for Record $16M Over Alleged HIPAA Violations

By Alexis Collins & John Lightbourne on October 18, 2018

On October 15, 2018, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced a $16 million settlement with Anthem, Inc. over alleged violations of federal privacy and security regulations under the Health Insurance Portability and Accountability Act (HIPAA). The settlement resolves an investigation following a data breach that exposed protected health information of nearly 79 million people. According to OCR, the incident is the largest health data breach to date…

Cleary Cybersecurity and Privacy Watch

The U.S. Department of Health And Human Services Settles With Anthem for Record $16M Over Alleged HIPAA Violations

By Alexis Collins & John Lightbourne on October 18, 2018

John Lightbourne

SEC Provides Second No-Action Letter in the Digital Asset Space

Federal District Court Rules OCC Lacks Authority to Issue FinTech Charters

The Conference of State Banking Supervisors Seeks to Improve Consistency of FinTech Regulation, but Questions Remain

SEC Seeks Comments on Key Issues Around Custody of Digital Assets

The SEC Announces First Enforcement Actions Against Robo-Advisors

New Mandatory Data Breach Reporting Requirements Become Effective for Companies Doing Business in Canada

The U.S. Department of Health And Human Services Settles With Anthem for Record $16M Over Alleged HIPAA Violations

The U.S. Department of Health And Human Services Settles With Anthem for Record $16M Over Alleged HIPAA Violations

Company

Support

New to the Network