Katherine Mooney Carroll

Photo of Katherine Mooney Carroll

Katherine Mooney Carroll’s practice focuses on advising U.S. and international financial institutions on U.S. regulatory matters, including recent reforms pursuant to the Dodd-Frank Act, regulatory aspects of bank M&A, cybersecurity and privacy matters, and compliance with U.S. sanctions and anti-money laundering laws.

Latest Articles

On January 24 2019, Canada’s Office of the Superintendent of Financial Institutions (“OSFI”) released an Advisory detailing new requirements for Canadian federally regulated financial institutions (“FRFIs”) to report cyber incidents within 72 hours.  FRFIs include banks, trust companies, loan companies, life insurance companies, property and casualty insurance companies, and fraternal benefit societies. The new reporting requirements become effective on March 31, 2019.…
On January 22, the Financial Industry Regulatory Authority (“FINRA”)[1] released its 2019 Risk Monitoring and Examination Priorities Letter (the “Letter”).  The Letter highlights material new priorities for FINRA examinations in the coming year, as well as priorities in areas of ongoing concern.  The topics highlighted in this year’s Letter reflect FINRA’s increasing focus on its members’ interaction with, and adoption of, innovative financial technologies, as well as its implicit acknowledgement of the ability for…
On January 22, the Financial Industry Regulatory Authority (“FINRA”)[1] released its 2019 Risk Monitoring and Examination Priorities Letter (the “Letter”).  The Letter highlights material new priorities for FINRA examinations in the coming year, as well as priorities in areas of ongoing concern.  The topics highlighted in this year’s Letter reflect FINRA’s increasing focus on its members’ interaction with, and adoption of, innovative financial technologies, as well as its implicit acknowledgement of the ability for…
In 2018, data privacy and cyber breaches made headlines throughout the year. Major companies continued to suffer data breaches, highlighting the risks and potential costs of cyber incidents across industries.  At the same time, a growing and overlapping thicket of data security and privacy regulations—within the U.S., European Union, Latin America, and elsewhere—continued to increase compliance costs and regulatory risks.  This memo surveys some of the key cybersecurity and data privacy developments of 2018, including…
On January 7, 2019 the National Futures Association (“NFA”) provided additional guidance on the required cybersecurity practices of certain NFA members by amending its Interpretive Notice entitled NFA Compliance Rules 2-9, 2-36 and 2-49: Information Systems Security Programs (the “Interpretive Notice”).  The Interpretive Notice currently requires each NFA member futures commission merchant (“FCM”), commodity trading advisor, commodity pool operator, introducing broker (“IB”), retail foreign exchange dealer, swap dealer (“SD”) and major swap participant to implement…
On December 20, 2018, the Financial Industry Regulatory Authority (“FINRA”) released a Report on Selected Cybersecurity Practices for broker-dealer firms.  This report reflects FINRA’s current perspective on the cybersecurity threat landscape based on observations from its examinations of securities firms.  Below we discuss the report’s key observations and contextualize these insights for members of the financial industry.…
On November 28, 2018, the Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) identified for the first time digital currency addresses associated with sanctioned persons.  The newly sanctioned individuals, Iran-based Ali Khorashadizadeh and Mohammad Ghorbaniyan, were accused of converting digital currency payments into Iranian rial as part of a widespread ransomware scheme.  Since 2015, the ransomware scheme (known as “SamSam”) has infected the data networks of corporations, hospitals, universities, and government agencies.  According…
On November 28, 2018, the Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) identified for the first time digital currency addresses associated with sanctioned persons.  The newly sanctioned individuals, Iran-based Ali Khorashadizadeh and Mohammad Ghorbaniyan, were accused of converting digital currency payments into Iranian rial as part of a widespread ransomware scheme.  Since 2015, the ransomware scheme (known as “SamSam”) has infected the data networks of corporations, hospitals, universities, and government agencies.  According…
On October 10, 2018, the Department of the Treasury issued interim regulations (“Interim Regulations”) for the Committee on Foreign Investment in the United States (“CFIUS”) to conduct a pilot program implementing provisions relating to critical technologies of the Foreign Investment Risk Review Modernization Act of 2018 (“FIRRMA”), which recently amended the Exon-Florio amendments to the Defense Production Act of 1950 (together, “Exon-Florio”). The Department of the Treasury also released amendments to CFIUS’s regulations effective October…
On August 1, 2018 the U.S. Senate joined the U.S. House of Representatives in agreeing to a conference report that sent the National Defense Authorization Act for Fiscal Year 2019 (“NDAA”), which incorporated a version of the Foreign Investment Risk Review Modernization Act of 2018 (“FIRRMA”), to the U.S. President for his signature. The President is expected to sign the NDAA. FIRRMA updates the statute authorizing reviews of foreign investment by the Committee on Foreign…