John Lightbourne

Connect: Read more about John Lightbourne
Firm/Organization: Cleary Gottlieb Steen & Hamilton LLP
Blogs: Cleary Cybersecurity and Privacy Watch, Cleary Enforcement Watch, Cleary FinTech Update

Latest Articles

On May 2, 2019, a court in the Southern District of New York (“SDNY”) held that the Office of the Comptroller of the Currency (“OCC”) lacked the statutory authority to charter nondepository special purpose national banks (the so-called “FinTech Charter”).  In denying, with one exception, the OCC’s motions to dismiss claims by New York’s Department of Financial Services (“DFS”), the Court held that the OCC could not charter a nondepository “national bank” because the National…
The United States offers an innovative and diverse marketplace along with a sound infrastructure for new cryptocurrency and digital asset businesses.  However, the U.S. regulatory framework for digital asset businesses creates significant barriers to innovation and risks frittering away the potential benefits of the U.S. markets’ creativity. One of the chief challenges for today’s cryptocurrency businesses, especially those offering exchange, trading, or custody services, is the fragmented and inconsistent state law framework currently applied to…
On March 12, the SEC’s Division of Investment Management (“Division”) published a letter from Paul G. Cellupica, Deputy Director and Chief Counsel of the Division, to Karen Barr, President and CEO of the Investment Advisor Association, laying out a number of issues under Rule 206(4)-2 (the “Custody Rule”).  The letter included a request for information on possible revisions to the Custody Rule under the Investment Advisers Act of 1940 focused on a series of open-ended…
On December 21, 2018, the Securities and Exchange Commission (SEC) announced settlements with two robo-advisors, Wealthfront Advisers LLC (Wealthfront) and Hedgeable Inc. (Hedgeable), for making false statements about investment products and engaging in misleading advertising in violation of the Investment Advisors Act of 1940 (Act). These settlements mark the SEC’s first enforcement actions against robo-advisors and serve as a reminder that, although technology may change how an investment adviser operates, the SEC expects full compliance…
cybersecurity2
On November 1, 2018, the Canadian Digital Privacy Act came into effect.  The Act, passed on June 18, 2015, modified the data breach obligations for companies subject to the Personal Information Protection and Electronic Documents Act (“PIPEDA”) by introducing three new requirements in the event of certain data breaches:  reporting to the Canadian Office of the Privacy Commissioner (“OPC”), notification to the affected individuals, and recordkeeping obligations.  Below, we discuss these requirements and recent guidance…
On October 15, 2018, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced a $16 million settlement with Anthem, Inc. over alleged violations of federal privacy and security regulations under the Health Insurance Portability and Accountability Act (HIPAA).  The settlement resolves an investigation following a data breach that exposed protected health information of nearly 79 million people.  According to OCR, the incident is the largest health data breach to date…
On October 15, 2018, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced a $16 million settlement with Anthem, Inc. over alleged violations of federal privacy and security regulations under the Health Insurance Portability and Accountability Act (HIPAA).  The settlement resolves an investigation following a data breach that exposed protected health information of nearly 79 million people.  According to OCR, the incident is the largest health data breach to date…