Katherine Mooney Carroll

Katherine Mooney Carroll’s practice focuses on advising U.S. and international financial institutions on U.S. regulatory matters, including recent reforms pursuant to the Dodd-Frank Act, regulatory aspects of bank M&A, cybersecurity and privacy matters, and compliance with U.S. sanctions and anti-money laundering laws.

Firm/Organization: Cleary Gottlieb Steen & Hamilton LLP

Blogs: Cleary Cybersecurity and Privacy Watch, Cleary FinTech Update, Cleary International Trade and Sanctions Watch, Cleary M&A and Corporate Governance Watch

Latest Articles

Cleary Cybersecurity and Privacy Watch

Canadian Financial Regulator Publishes New Cyber Incident Reporting Guidelines Effective March 2019

By Katherine Mooney Carroll, Phillip L. Hurst & Whitney A. Lee on March 5, 2019

On January 24 2019, Canada’s Office of the Superintendent of Financial Institutions (“OSFI”) released an Advisory detailing new requirements for Canadian federally regulated financial institutions (“FRFIs”) to report cyber incidents within 72 hours. FRFIs include banks, trust companies, loan companies, life insurance companies, property and casualty insurance companies, and fraternal benefit societies. The new reporting requirements become effective on March 31, 2019.…

Cleary Cybersecurity and Privacy Watch

FINRA 2019 Examination Priorities Letter Includes Focus on FinTech and Cybersecurity

By Katherine Mooney Carroll, Colin D. Lloyd & Jim Wintering on February 12, 2019

On January 22, the Financial Industry Regulatory Authority (“FINRA”)[1] released its 2019 Risk Monitoring and Examination Priorities Letter (the “Letter”). The Letter highlights material new priorities for FINRA examinations in the coming year, as well as priorities in areas of ongoing concern. The topics highlighted in this year’s Letter reflect FINRA’s increasing focus on its members’ interaction with, and adoption of, innovative financial technologies, as well as its implicit acknowledgement of the ability for…

Cleary FinTech Update

FINRA 2019 Examination Priorities Letter Includes Focus on FinTech and Cybersecurity

By Katherine Mooney Carroll, Colin D. Lloyd & Jim Wintering on February 12, 2019

Cleary Cybersecurity and Privacy Watch

2018 Cybersecurity and Data Privacy Developments: A Year in Review

By Daniel Ilan, Jonathan S. Kolodner, Pamela L. Marcogliese, Rahul Mukhi, Katherine Mooney Carroll, Alexis Collins & Emmanuel Ronco on January 30, 2019

In 2018, data privacy and cyber breaches made headlines throughout the year. Major companies continued to suffer data breaches, highlighting the risks and potential costs of cyber incidents across industries. At the same time, a growing and overlapping thicket of data security and privacy regulations—within the U.S., European Union, Latin America, and elsewhere—continued to increase compliance costs and regulatory risks. This memo surveys some of the key cybersecurity and data privacy developments of 2018, including…

Cleary Cybersecurity and Privacy Watch

NFA Amends Interpretive Notice Regarding Cybersecurity Programs

By Katherine Mooney Carroll, Colin D. Lloyd, Alexis Collins, Brian J. Morris & Jacob P. Richards on January 15, 2019

On January 7, 2019 the National Futures Association (“NFA”) provided additional guidance on the required cybersecurity practices of certain NFA members by amending its Interpretive Notice entitled NFA Compliance Rules 2-9, 2-36 and 2-49: Information Systems Security Programs (the “Interpretive Notice”). The Interpretive Notice currently requires each NFA member futures commission merchant (“FCM”), commodity trading advisor, commodity pool operator, introducing broker (“IB”), retail foreign exchange dealer, swap dealer (“SD”) and major swap participant to implement…

Cleary Cybersecurity and Privacy Watch

FINRA Provides Updated Cybersecurity Guidance to Broker-Dealer Firms

By Katherine Mooney Carroll, Alexis Collins, Rahul Mukhi, Adam Motiwala & Whitney A. Lee on January 7, 2019

On December 20, 2018, the Financial Industry Regulatory Authority (“FINRA”) released a Report on Selected Cybersecurity Practices for broker-dealer firms. This report reflects FINRA’s current perspective on the cybersecurity threat landscape based on observations from its examinations of securities firms. Below we discuss the report’s key observations and contextualize these insights for members of the financial industry.…

Cleary Cybersecurity and Privacy Watch

OFAC Lists Digital Currency Addresses for First Time, Releases New Guidance

By Paul Marquardt, Katherine Mooney Carroll, Alexis Collins, Chinyelu Lee & Samuel H. Chang on December 5, 2018

On November 28, 2018, the Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) identified for the first time digital currency addresses associated with sanctioned persons. The newly sanctioned individuals, Iran-based Ali Khorashadizadeh and Mohammad Ghorbaniyan, were accused of converting digital currency payments into Iranian rial as part of a widespread ransomware scheme. Since 2015, the ransomware scheme (known as “SamSam”) has infected the data networks of corporations, hospitals, universities, and government agencies. According…

Cleary International Trade and Sanctions Watch

OFAC Lists Digital Currency Addresses for First Time, Releases New Guidance

By Paul Marquardt, Katherine Mooney Carroll, Alexis Collins, Chinyelu Lee & Samuel H. Chang on December 5, 2018

Cleary M&A and Corporate Governance Watch

CFIUS Introduces Pilot Program for Mandatory Declarations of Critical Technology Investments

By Paul Marquardt, Katherine Mooney Carroll & Chinyelu Lee on October 16, 2018

On October 10, 2018, the Department of the Treasury issued interim regulations (“Interim Regulations”) for the Committee on Foreign Investment in the United States (“CFIUS”) to conduct a pilot program implementing provisions relating to critical technologies of the Foreign Investment Risk Review Modernization Act of 2018 (“FIRRMA”), which recently amended the Exon-Florio amendments to the Defense Production Act of 1950 (together, “Exon-Florio”). The Department of the Treasury also released amendments to CFIUS’s regulations effective October…

Cleary M&A and Corporate Governance Watch

Congress Passes CFIUS Reform Bill

By Paul Marquardt, Katherine Mooney Carroll & Chinyelu Lee on August 7, 2018

On August 1, 2018 the U.S. Senate joined the U.S. House of Representatives in agreeing to a conference report that sent the National Defense Authorization Act for Fiscal Year 2019 (“NDAA”), which incorporated a version of the Foreign Investment Risk Review Modernization Act of 2018 (“FIRRMA”), to the U.S. President for his signature. The President is expected to sign the NDAA. FIRRMA updates the statute authorizing reviews of foreign investment by the Committee on Foreign…

Katherine Mooney Carroll

Canadian Financial Regulator Publishes New Cyber Incident Reporting Guidelines Effective March 2019

FINRA 2019 Examination Priorities Letter Includes Focus on FinTech and Cybersecurity

FINRA 2019 Examination Priorities Letter Includes Focus on FinTech and Cybersecurity

2018 Cybersecurity and Data Privacy Developments: A Year in Review

NFA Amends Interpretive Notice Regarding Cybersecurity Programs

FINRA Provides Updated Cybersecurity Guidance to Broker-Dealer Firms

OFAC Lists Digital Currency Addresses for First Time, Releases New Guidance

OFAC Lists Digital Currency Addresses for First Time, Releases New Guidance

CFIUS Introduces Pilot Program for Mandatory Declarations of Critical Technology Investments

Congress Passes CFIUS Reform Bill

Company

Support

New to the Network