Katherine Mooney Carroll

Katherine Mooney Carroll’s practice focuses on advising U.S. and international financial institutions on U.S. regulatory matters, including recent reforms pursuant to the Dodd-Frank Act, regulatory aspects of bank M&A, cybersecurity and privacy matters, and compliance with U.S. sanctions and anti-money laundering laws.

Firm/Organization: Cleary Gottlieb Steen & Hamilton LLP

Blogs: Cleary Cybersecurity and Privacy Watch, Cleary FinTech Update, Cleary International Trade and Sanctions Watch, Cleary M&A and Corporate Governance Watch

Latest Articles

Cleary Cybersecurity and Privacy Watch

The CCPA Takes Shape with Proposed Regulations, as Companies are Encouraged to Comply by January 1

By Katherine Mooney Carroll, Jonathan S. Kolodner, Daniel Ilan, Rahul Mukhi, Alexis Collins, Jane C. Rosen & Michelle Butler

October 22, 2019

The final version of the California Consumer Privacy Act of 2018 is coming into view. On October 10, California’s Attorney General released the long-anticipated draft regulations to implement the CCPA, and on October 12, the Governor signed into law five amendments to the CCPA passed during the 2019 legislative session. (We previously discussed the CCPA here and the amendments here.) While the Regulations are currently subject to public comment and may be further modified…

Cleary FinTech Update

SEC Files First Suit Against Alleged Unregistered Broker-Dealer Operating in Digital Asset Markets

By Michael H. Krimminger, Katherine Mooney Carroll, Alexis Collins, Carl F. Emigholz & Jim Wintering

October 10, 2019

On September 18, 2019, the Securities and Exchange Commission (“SEC”) filed its first civil suit alleging violations of broker-dealer registration requirements in U.S. digital asset markets. In a case filed in the U.S. District Court for the Central District of California, the SEC alleged that Defendants ICOBox and its founder, Nikolay Evdokimov, illegally conducted an unregistered public securities offering for their 2017 initial coin offering (“ICO”), and have operated an unregistered brokerage service facilitating the…

Cleary Cybersecurity and Privacy Watch

SEC Files First Suit Against Alleged Unregistered Broker-Dealer Operating in Digital Asset Markets

By Michael H. Krimminger, Katherine Mooney Carroll, Alexis Collins, Carl F. Emigholz & Jim Wintering

October 10, 2019

Cleary Cybersecurity and Privacy Watch

California Consumer Privacy Act Amendments Offer Relief, but Challenges Remain

By Katherine Mooney Carroll, Jonathan S. Kolodner, Daniel Ilan, Rahul Mukhi, Alexis Collins, Jane C. Rosen & Whitney A. Lee

September 24, 2019

California’s 2019 legislative session has drawn to a close with passage of five amendments to the California Consumer Privacy Act (CCPA) during the final days of the session. Assuming that the bills are timely signed by the Governor before the October 13 deadline, businesses will finally have the complete version of the statute that will come into effect January 1, 2020 (with the exception of regulations expected to be issued by the California Attorney General…

Cleary Cybersecurity and Privacy Watch

Canadian Financial Regulator Publishes New Cyber Incident Reporting Guidelines Effective March 2019

By Katherine Mooney Carroll, Phillip L. Hurst & Whitney A. Lee

March 5, 2019

On January 24 2019, Canada’s Office of the Superintendent of Financial Institutions (“OSFI”) released an Advisory detailing new requirements for Canadian federally regulated financial institutions (“FRFIs”) to report cyber incidents within 72 hours. FRFIs include banks, trust companies, loan companies, life insurance companies, property and casualty insurance companies, and fraternal benefit societies. The new reporting requirements become effective on March 31, 2019.…

Cleary Cybersecurity and Privacy Watch

FINRA 2019 Examination Priorities Letter Includes Focus on FinTech and Cybersecurity

By Katherine Mooney Carroll, Colin D. Lloyd & Jim Wintering

February 12, 2019

On January 22, the Financial Industry Regulatory Authority (“FINRA”)[1] released its 2019 Risk Monitoring and Examination Priorities Letter (the “Letter”). The Letter highlights material new priorities for FINRA examinations in the coming year, as well as priorities in areas of ongoing concern. The topics highlighted in this year’s Letter reflect FINRA’s increasing focus on its members’ interaction with, and adoption of, innovative financial technologies, as well as its implicit acknowledgement of the ability for…

Cleary FinTech Update

FINRA 2019 Examination Priorities Letter Includes Focus on FinTech and Cybersecurity

By Katherine Mooney Carroll, Colin D. Lloyd & Jim Wintering

February 12, 2019

Cleary Cybersecurity and Privacy Watch

2018 Cybersecurity and Data Privacy Developments: A Year in Review

By Daniel Ilan, Jonathan S. Kolodner, Pamela L. Marcogliese, Rahul Mukhi, Katherine Mooney Carroll, Alexis Collins & Emmanuel Ronco

January 30, 2019

In 2018, data privacy and cyber breaches made headlines throughout the year. Major companies continued to suffer data breaches, highlighting the risks and potential costs of cyber incidents across industries. At the same time, a growing and overlapping thicket of data security and privacy regulations—within the U.S., European Union, Latin America, and elsewhere—continued to increase compliance costs and regulatory risks. This memo surveys some of the key cybersecurity and data privacy developments of 2018, including…

Cleary Cybersecurity and Privacy Watch

NFA Amends Interpretive Notice Regarding Cybersecurity Programs

By Katherine Mooney Carroll, Colin D. Lloyd, Alexis Collins, Brian J. Morris & Jacob P. Richards

January 15, 2019

On January 7, 2019 the National Futures Association (“NFA”) provided additional guidance on the required cybersecurity practices of certain NFA members by amending its Interpretive Notice entitled NFA Compliance Rules 2-9, 2-36 and 2-49: Information Systems Security Programs (the “Interpretive Notice”). The Interpretive Notice currently requires each NFA member futures commission merchant (“FCM”), commodity trading advisor, commodity pool operator, introducing broker (“IB”), retail foreign exchange dealer, swap dealer (“SD”) and major swap participant to implement…

Cleary Cybersecurity and Privacy Watch

FINRA Provides Updated Cybersecurity Guidance to Broker-Dealer Firms

By Katherine Mooney Carroll, Alexis Collins, Rahul Mukhi, Adam Motiwala & Whitney A. Lee

January 7, 2019

On December 20, 2018, the Financial Industry Regulatory Authority (“FINRA”) released a Report on Selected Cybersecurity Practices for broker-dealer firms. This report reflects FINRA’s current perspective on the cybersecurity threat landscape based on observations from its examinations of securities firms. Below we discuss the report’s key observations and contextualize these insights for members of the financial industry.…

Katherine Mooney Carroll

The CCPA Takes Shape with Proposed Regulations, as Companies are Encouraged to Comply by January 1

SEC Files First Suit Against Alleged Unregistered Broker-Dealer Operating in Digital Asset Markets

SEC Files First Suit Against Alleged Unregistered Broker-Dealer Operating in Digital Asset Markets

California Consumer Privacy Act Amendments Offer Relief, but Challenges Remain

Canadian Financial Regulator Publishes New Cyber Incident Reporting Guidelines Effective March 2019

FINRA 2019 Examination Priorities Letter Includes Focus on FinTech and Cybersecurity

FINRA 2019 Examination Priorities Letter Includes Focus on FinTech and Cybersecurity

2018 Cybersecurity and Data Privacy Developments: A Year in Review

NFA Amends Interpretive Notice Regarding Cybersecurity Programs

FINRA Provides Updated Cybersecurity Guidance to Broker-Dealer Firms

Stay Connected

Company

Support

New to the Network