
    Cyber (Payments)

 

  • Managed compliance with the legal aspects of the Payment Card Industry Data Security Standard (PCI DSS): maintaining Internal Security Assessor (ISA) certification; conducting regular PCI audits; assisting in the preparation of the annual PCI Report on Compliance (ROC) and Attestation of Compliance (AOC); establishing and executing remediation plans to close PCI control gaps; preparing the reports used to validate PCI compliance; ensuring that required PCI compliance testing is performed (such as the quarterly external vulnerability scans by a PCI Approved Scanning Vendor) and that the results are submitted on time to the external entities that require them (such as acquirers, card processors and card brands); negotiating agreements with qualified network penetration testing providers to perform the required penetration (“pen”) testing of all key network access points; and tracking remediation of pen test findings.

 

  • Mergers and acquisitions (M&A) involving banks, credit card issuers and other bank and non-bank entities that own or operate payment systems.

 

  • Compliance with the requirements of the Office of the Comptroller of the Currency (OCC) Comptroller's Handbook for credit card products: examination procedures, lending models, marketing and underwriting of new accounts, purchased credit card relationships, the risk categories examined (compliance, credit, interest rate, liquidity, operational, reputational and strategic risk) and scoring models.

 

  • Familiarity with the Tobit (Types I and II) credit card modeling approaches.

 

  • Resolution of customer disputes regarding electronic transactions across various payment channels, such as automated clearing house (ACH) transfers; automated teller machines (ATMs); credit cards, including EMV chip card readers; debit cards and personal identification numbers (PINs); proprietary web-based banking systems; and web-based bill pay services.

 

  • Responsible for the legal aspects of credit card consolidation loans and funding frameworks for credit card loans, handling incoming re-presentments (second presentments), processing chargebacks and recommending the issuance of provisional credit.

 

  • Compliance with the credit-related advertising and consumer protection rules issued by Federal consumer protection agencies and set out in Federal consumer protection statutes, such as: the Children's Online Privacy Protection Act (COPPA); Consumer Financial Protection Bureau (CFPB) 12 CFR Part 1002, Equal Credit Opportunity Act (Regulation B); CFPB 12 CFR Part 1030, Truth in Savings (Regulation DD); the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM); the Credit Card Accountability Responsibility and Disclosure Act of 2009 (CARD Act); the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank), including its prohibition on unfair, deceptive or abusive acts or practices (UDAAP); the Fair Credit Reporting Act (FCRA); the Fair Housing Act (FHA) and the Federal Deposit Insurance Corporation (FDIC) Fair Housing advertising rules (12 CFR Part 338); Federal Trade Commission (FTC) guidelines; the Junk Fax Prevention Act (JFPA); the Secure and Fair Enforcement for Mortgage Licensing Act (SAFE Act); the Telephone Consumer Protection Act (TCPA); and 12 U.S.C. § 1829a (Participation by state nonmember insured banks in lotteries and related activities).

 

  • Compliance with international advertising rules for credit cards, such as the Australian Securities and Investments Commission (ASIC) Regulatory Guide 234 (Advertising financial products and services) and the Financial Consumer Agency of Canada Code of Conduct for the Credit and Debit Card Industry in Canada.

 

  • Compliance with Federal Reserve Board (FRB) Regulation E, governing electronic fund transfers (EFTs).

 

  • Compliance with the Truth in Lending Act (TILA) generally, and specifically with Consumer Financial Protection Bureau (CFPB) 12 CFR Part 1026 (Regulation Z) as it applies to credit card advertising, under which lenders must disclose in writing the interest rates, fees and finance charges to prospective borrowers in transactions such as certain student loans, credit cards, home equity lines of credit, home mortgages, installment loans and reverse mortgages.

 

  • Familiarity with domestic and international credit scoring models.

 

  • Developed and conducted privacy and security awareness training programs and authored information technology (IT) security communications.

 

  • Compliance with current Financial Crimes Enforcement Network (FinCEN) directives issued under the Bank Secrecy Act (BSA) regulations at 31 CFR Chapter X, as applied through Federal Register notices, administrative rulings and guidance, the provisions of the USA PATRIOT Act of 2001 (including Section 311 special measures), and the Customer Due Diligence (CDD) Final Rule.

 

  • Familiarity, as an attorney, with BSA e-filing requirements, including the filing of Reports of Foreign Bank and Financial Accounts (FBARs).

 

  • Continual tracking of the evolution of FinCEN regulations as applied to the virtual currency and payments industries (such as FIN-2013-G001, issued March 18, 2013, “Application of FinCEN’s Regulations to Persons Administering, Exchanging, or Using Virtual Currencies”; FIN-2014-R001, issued January 30, 2014, “Application of FinCEN’s Regulations to Virtual Currency Mining Operations”; and FIN-2019-G001, issued May 9, 2019, “Application of FinCEN’s Regulations to Certain Business Models Involving Convertible Virtual Currencies”), which refine the definition of “money transmitter” and the registration requirements for money services businesses (MSBs) first set out in FinCEN Ruling 2004-3, issued August 17, 2004, “Definition of Money Services Business (Money Transmitter/Currency Dealer or Exchanger)”.

 

  • Legal support for money transmitter licensing (MTL) operations, such as federal registration with FinCEN as an MSB, assisting with the initial risk assessment, drafting an anti-money-laundering (AML) corporate policy (including a detailed compliance program), appointment of a qualified compliance officer, compliance training for all personnel, facilitating regular independent audits of the compliance program, filing the required reports with FinCEN on the company’s customers and their transactions, and the licensure requirements of each applicable state (including but not limited to: audited financial statements of the applicant business and any subsidiaries; personal financial records of all directors, principal officers, owners and 10% shareholders, designated “Control Persons”; employment history of all Control Persons for the prior 15 years, including any disciplinary actions taken by any employer; a list of all lawsuits or criminal complaints against any Control Person in the prior 15 years; third-party criminal and civil background checks; marital, divorce and familial records, including the names of dependents of Control Persons; fingerprints of Control Persons; surety bonding requirements; and continuous minimum capitalization requirements).

 

  • Legal support for Informal Value Transfer Systems (IVTS), which FinCEN treats as money transmitters for registration and licensing purposes pursuant to FinCEN Advisory Issue 33, issued March 2003, “Informal Value Transfer Systems (IVTS)”.

 

  • Consultation regarding the Electronic Fund Transfer Act of 1978 (EFTA) and its implementing regulation, Regulation E (Federal Reserve Board 12 CFR Part 205, now also codified by the CFPB at 12 CFR Part 1005), which governs electronic fund transfers (EFTs) and sets rules for issuers and sellers of electronic debit cards, including but not limited to transfers at automated teller machines (ATMs), point-of-sale transactions and automated clearing house (ACH) transactions.

 

  • Compliance with the guidelines and uniform practices and principles for financial institutions issued by the Federal Financial Institutions Examination Council (FFIEC), whose members are the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), the Consumer Financial Protection Bureau (CFPB) and the State Liaison Committee (SLC) (representatives of the Conference of State Bank Supervisors (CSBS), the American Council of State Savings Supervisors (ACSSS) and the National Association of State Credit Union Supervisors (NASCUS)), in particular the key areas covered by the FFIEC IT Examination Handbook booklets: business continuity planning; development and acquisition; electronic banking; information security; information technology audit; information technology management; operations; outsourcing technology services; retail payment systems; supervision of technology service providers (TSPs); and wholesale payment systems.

 

  • Investigations regarding unfair, deceptive, or abusive acts or practices (collectively “UDAAP”) by any individual or entity offering financial products or services to consumers, under the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank), which empowers the Consumer Financial Protection Bureau (CFPB) to promulgate and enforce rules on UDAAPs, while the Federal Trade Commission (FTC) separately enforces the FTC Act’s prohibition on unfair or deceptive acts or practices.

 

  • Compliance with the Financial Services Modernization Act of 1999, better known as the Gramm-Leach-Bliley Act (GLBA), which requires financial institutions to explain and demonstrate how they share and protect their customers’ nonpublic personal information: by telling customers how that information is collected, stored and shared, by informing customers of their right to opt out of sharing with non-affiliated third parties, and by applying the policies, protocols and protections set out in a written information security program as required by the FTC Safeguards Rule (16 CFR Part 314) and the FTC Privacy of Consumer Financial Information Rule (Privacy Rule) (16 CFR Part 313).

 

  • Investigations regarding compliance with the provisions of the Fair Credit Reporting Act (FCRA) (15 U.S.C. § 1681 et seq.) now known collectively as the FTC Red Flags Rule (16 CFR Part 681), based on Sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003 (FACTA), enforced from December 31, 2010 and later narrowed by the Red Flag Program Clarification Act of 2010, which generally concern identity theft prevention, credit history restoration, consumer access to credit card information, the accuracy of credit reporting, limits on the use and sharing of medical information within the financial system, general consumer financial awareness and the handling of employee misconduct investigations, under a written Identity Theft Prevention Program (ITPP).

 

  • Compliance for many ecommerce payment systems (automated clearing house (ACH), bank transfers, credit cards, direct deposit, e-wallets, mobile payments, prepaid cards, smart cards and virtual credit cards (VCC)), some exchanging data over Electronic Data Interchange (EDI) and most relying on two-factor authentication and on X.509 certificates issued by a trusted certification authority (CA) within a public key infrastructure (PKI) to authenticate the endpoints and protect transaction data in transit; providers include 2Checkout, Airtel Money, Alipay, Android Pay, Apple Pay, Amazon Payments, Authorize.net, Braintree, clearXchange, Due, Dwolla, Google Wallet/Pay/Pay Send, GoPayment, M-Pesa, Mobile Money Wallets, MovoCash, National Processing, North American Bancard, Paymentwall, Payoneer, PayPal, Paytm, Payza, Skrill, Samsung Pay, Serve, Spark Pay, Square, Stripe, Total Merchant Services, Trusty, V.me, Venmo and WePay.

 

  • Compliance for new payment technologies (blockchain, cryptocurrency exchanges, cryptocurrency tumblers, cryptocurrency wallets, cryptographic hash functions, distributed ledgers, forks, the Lightning Network, smart contracts) and for decentralized cryptocurrencies built on various hash functions and consensus mechanisms, including proof-of-work: CryptoNight (Monero), Equihash (Zcash, Zcoin, Bitcoin Gold), Ethash (Ethereum, Ethereum Classic), Lyra2 (Taler), SHA-256 (Bitcoin, Bitcoin Cash, Counterparty, MazaCoin, Namecoin, NeuCoin, Peercoin, Titcoin), Scrypt (Auroracoin, Bitconnect, Coinye, Dogecoin, Litecoin, PotCoin), X11 (Dash, Petro); proof-of-stake and delegated proof-of-stake: Nxt, Gridcoin, EOS.IO, Steem; ERC-20 tokens: Augur, Aventus, Basic Attention Token, Centra, Kin, KodakCoin, Minds, Power Ledger; transacting through exchanges such as ANX, Binance, Bitcoin Center NYC, Bitfinex, bitFlyer, Bithumb, BitMEX, Bitstamp, Bittrex, BTCC, BTC Markets, CEX.IO, Coinbase, Coincheck, Coinfloor, Coinrail, Coins.ph, Gemini, Huobi, Kraken, LocalBitcoins, OKEx, ShapeShift and Upbit.

 

  • Compliance with National Automated Clearing House Association (NACHA) ACH bulletins, rules, practices, procedures and protocols, which are updated continually in response to advisory rules, guidelines and regulations on financial transactions issued by regulators such as the CFPB, CSBS, FinCEN, FFIEC, FDIC, FRB, OCC, OFAC and others.

 

  • Consultation regarding blockchain-based distributed ledger technology (DLT) transactions related to real estate, for individuals, entrepreneurs, established businesses, family offices, individual investors, private funds, and real estate owners and operators.

 

  • Consultation regarding the claimed advantages of tokenized real property: access to a large domestic and international pool of potential investors through listings on cryptocurrency exchanges, fractionalized ownership, increased liquidity, reduced barriers to investment by individuals (whether accredited or not), security and transparency relative to paper records (an on-chain ownership record is tamper-evident and independently auditable), and simplified investor management.

 

  • Typical tasks related to real estate tokenization, such as identifying the appropriate structure for the project (fund, hybrid, limited partnership or special purpose vehicle (SPV)) and the appropriate type of real estate to be tokenized (apartment buildings, development sites, income-producing property, office buildings); clearing clouds and encumbrances from the title of the subject property; consultation regarding applicable federal, state and local statutes, rules and regulations; environmental issues; holders of record; the type of interest each investor will hold in the project; the tokenization ratio for the project; regulatory issues (anti-money-laundering (AML) and know-your-customer (KYC) obligations, regulatory compliance and regulatory reporting); whether to use so-called smart contracts (whose code generally cannot be changed once deployed, so a defect in the code is a permanent defect in the deal and the code must be audited before it holds investor funds) or conventional written contracts executed electronically (such as Adobe PDF or Microsoft Word documents), which remain the more secure choice; tax issues (based on both the particular property and the individual situations of the investors); and tracking any resales.

    Last updated 200614_1950
