Our Website Uses Cookies
We and the third parties that provide content, functionality, or business services on our website may use cookies to collect information about your browsing activities in order to provide you with more relevant content and promotional materials, on and off the website, and help us understand your interests and improve the website.
For more information, please contact us or consult our Privacy Notice.
Your binder contains too many pages, the maximum is 40.
We are unable to add this page to your binder, please try again later.
This page has been added to your binder.
From helping to draft key legislation, to participating in key rulemaking proposals and policy initiatives, to counseling clients in complying with implementing requirements and representing clients in litigation, investigations and agency examinations, Covington’s financial privacy lawyers have been at the center of the development of comprehensive and workable rules to protect the privacy of personal financial information. By providing testimony, advice, and representation, we are thought leaders on these critical policy and business issues.
Firm lawyers were extensively involved in the legislative process that produced the Gramm-Leach-Bliley Act (“GLB”), governing general financial institution privacy, and the Fair and Accurate Credit Transactions Act (“FACTA”), the 2003 legislation that overhauled the Fair Credit Reporting Act (“FCRA”) and made permanent its federal preemptions. We also worked closely with the federal regulatory agencies that issued detailed regulations implementing these laws. Indeed, two of our lawyers led the implementation team sport key rulemaking proceedings at the Federal Reserve Board and Federal Trade Commission.
We regularly advise clients regarding compliance with GLB, FACTA, FCRA and their underlying regulations. Likewise, we assist our clients in understanding and complying with the many state laws and regulations that have emerged in recent years governing financial privacy and identity theft. We have also advised UK and European financial institutions on the privacy implications of complying with EU money-laundering rules and access requests.
Our lawyers regularly assist both financial and non-financial companies in responding to data security breaches, as well as in developing programs to avoid such breaches. We also have negotiated with federal and state regulators on behalf of clients to mitigate potential penalties and enforcement actions related to data security breaches. We have deep experience with regulatory authorities at every level, which is played an important role in our ability to achieve favorable results for our clients.
Fair Credit Reporting Act (FCRA)
Advising several of the largest bank holding companies in the U.S. on compliance with the FCRA. Advising major consumer reporting agencies and trade associations on the requirement of the FCRA. Successfully representing numerous consumer reporting agencies and financial services providers in CFPB and FTC supervisory and enforcement actions relating to FCRA. Representing numerous firms in connection with the acquisition of FCRA-regulated businesses, including due diligence and preparation of merger and acquisition documents.
Gramm-Leach-Bliley Act (GLBA) and State Financial Privacy Laws
We have advised the largest and most sophisticated banks, consumer reporting agencies, and financial services companies on the collection, use and disclosure of nonpublic personal information under GLBA, that California Financial Information Privacy Act, and similar laws, including the development and implementation of privacy notices.
Global compliance
Serving as global privacy and data security counsel to a global e-commerce business, including advising on financial services privacy and information security-related aspects of certain mobile payments and mobile wallet services and international data transfers
PCI DSS Standards
Advised online retailers regarding compliance with the Payment Card Industry standards for the storage, processing, and transmission of credit cardholder data.
Health privacy litigation
Advised a large pharmaceutical company in connection with litigation involving the alleged infringement of patient privacy by a pharmacy chain that collects personal information about prescription drug users.
March 7, 2019, Inside Privacy
On March 5, 2019 the Federal Trade Commission (“FTC”) published requests for comment on proposed amendments to two key rules under the Gramm-Leach-Bliley Act (“GLBA”). Most significantly, the FTC is proposing to add more detailed requirements to the Safeguards Rule, which governs the information security programs financial institutions must implement to protect ...
December 26, 2018, Bloomberg Law
Michael Nonaka is quoted Bloomberg Law regarding the Office of the Comptroller of the Currency’s 2019 revamped rules for banks’ community investments. Mr. Nonaka says, “It’ll be interesting to see what the next step is in the rulemaking process, and that will reveal whether there are these differences.” He said the agencies are likely to come together on some ...
October 26, 2018, Inside Privacy
On October 18, 2018, the Dutch Supervisory Authority for data protection adopted guidance on the second Payment Service Directive (“PSD2”). The PSD2 intends to open the financial services market to a larger scale of innovative online services. To that effect, the PSD2 sets out rules for obtaining access to the financial information of bank customers. ...… ...
August 17, 2018
WASHINGTON— Law360 named Covington lawyers Alexander Berengaut, Michael Nonaka, and Ursula Owczarkowski to its list of “2018 Rising Stars.” This annual recognition honors top attorneys under 40 “whose legal accomplishments transcend their age.” Alex Berengaut represents clients in civil litigation, international arbitrations, and government enforcement ...
August 7, 2018, Global Data Review
David Stein is quoted in Global Data Review regarding the U.S. Department of Treasury’s recommendation to introduce data protection regulations in the fintech industry. Mr. Stein suggested that such a law may have to be modeled on existing state-level legislation. He says, “There likely would be pressure to enhance existing federal data security laws that apply ...
August 1, 2018, Bloomberg Law
Michael Nonaka is quoted in Bloomberg Law on the fintech industry’s enthusiasm regarding the Treasury Department’s recommendation that Congress support the “valid when made” doctrine. Mr. Nonaka adds, “The [recommendation] shows that these issues are not going away and that the uncertainty created from a growing body of inconsistent court opinions isn't a stable ...
OCC Will Accept Fintech Charter Applications
July 31, 2018, Law360
Michael Nonaka is quoted in Law360 regarding the Office of the Comptroller of the Currency accepting applications for special-purpose national bank charters from financial technology companies. Mr. Nonaka says it will be a while before any fintech firms operate as national banks, and they may ultimately decide the special purpose charter does not suit their ...
July 24, 2018, Inside Privacy
Blockchain technology has the potential to revolutionise many industries; it has been said that “blockchain will do to the financial system what the internet did to media”. Its most famous use is its role as the architecture of the cryptocurrency Bitcoin, however it has many other potential uses in the financial sector, for instance in...… Continue Reading
April 19, 2018
WASHINGTON—The BTI Consulting Group has named Covington lawyers Andrew Smith, Jonathan Sperling, and Allan Topol to its 2018 “Client Service All-Stars” list, which recognizes “the leaders in superior client service.” Mr. Smith, based in Washington, advises clients on retail financial services, credit reporting, privacy, technology, and e-commerce issues. He ...
March 16, 2018, Inside Privacy
By Bruce Bennett, Carlo Kostka, Craig Pollack, Dan Cooper, Gemma Nash, Kristof Van Quathem, Mark Young, and Sophie Bertin The EU Payment Services Directive (PSD2), which took effect on January 13, 2018, puts an obligation on banks to give Third Party Providers (TPPs) access to a customer’s payment account data, provided the customer expressly consents to...… ...
Rising Star: Covington & Burling's Elizabeth Canter
August 2, 2017, Law360
Libbie Canter was named a "Rising Star" by Law360, recognizing her as a top lawyer under 40 in Privacy & Cybersecurity law. In its profile of Canter, Law360 highlights her advisory role on significant transactions, including Microsoft’s $8.5 billion acquisition of video call service Skype.
Proposed Restrictions on Mexican Remittances Could Hinder Fintechs, Probably Not Banks
May 11, 2017, Forbes
Michael Nonaka is quoted in a Forbes article regarding the prospect of President Trump's taxing remittances for a Mexico border wall, and the possibility of an increase in the use of digital currencies as a result. In discussing banks and payment companies' experience in this field, Nonaka indicates that these institutions have taken the proposed rules in ...
Spring 2017, The Business Lawyer
December 5, 2016, Inside Privacy
On December 1, 2016, the Commission on Enhancing National Cybersecurity released its Report on Securing and Growing the Digital Economy. In its Report, the Commission, established in February 2016 by President Obama, provided detailed short- and long-term recommendations to strengthen cybersecurity in the public and private sectors. The Commission took a ...
October 20, 2016, Covington Alert
On October 19, 2016, the Board of Governors of the Federal Reserve System (Federal Reserve), Office of the Comptroller of the Currency (OCC), and Federal Deposit Insurance Corporation (FDIC) (collectively the “Agencies”) released a joint Advance Notice of Proposed Rulemaking (ANPR) requesting public comment on enhanced cybersecurity standards that would apply to ...
September 15, 2016, Inside Privacy
On September 13, 2016, New York Governor Andrew Cuomo announced a proposed regulation that would require financial service institutions to develop and implement cybersecurity programs to prevent and mitigate cyber-attacks. The proposed regulation will be subject to a 45-day comment period once it is published in the New York State Register. The regulation will ...
August 31, 2016, Inside Privacy
The Federal Trade Commission (“FTC” or “Commission”) is soliciting public comments on its Standards for Safeguarding Customer Information (“Safeguards Rule”) as part of the systematic review of all FTC rules and guides on a 10-year schedule. The Safeguards Rule was promulgated by the Commission pursuant to the Gramm-Leach-Bliley Act’s (“GLBA”) directive for ...
June 15, 2016, Inside Privacy
By Ciarra Chavarria On June 8, 2016, the Securities and Exchange Commission announced that Morgan Stanley Smith Barney LLC (“Morgan Stanley”) had agreed to pay $1 million as a penalty for charges relating to its “failures to protect customer information.” Morgan Stanley’s settlement with the SEC came several months after a federal court found one...… Continue ...
May 17, 2016, Inside Privacy
The EU Network and Information Security (NIS) Directive now looks likely to enter into force in August of this year. Member States will then have 21 months to implement it into national law before the new security and incident notification obligations will start to apply to the following entities: designated* “operators of essential services” within...… ...
May 5, 2016, Data Guidance
Michael Nonaka is quoted in this Data Guidance article regarding the Payment Card Industry Security Standards Council’s latest version of its data security standard. According to Nonaka, "PCI DSS version 3.2 does not reflect sweeping changes to the requirements in prior versions, but it is indicative of the data security priorities being expressed by card ...
October 22, 2014, Inside Privacy
By Ani Gevorkian On Monday, the Consumer Financial Protection Bureau (CFPB) finalized a rule that promotes more effective privacy disclosures and saves the financial services industry around $17 million dollars. The new rule permits financial institutions that restrict data-sharing to post their annual privacy notices online rather than delivering them to ...