Barrie VanBrackle, a partner in Orrick’s Washington, D.C.,
office, is a member of the Cyber, Privacy & Data Innovation practice and
co-leads Orrick's Fintech team.
An authority on payments and consumer financial services compliance, Barrie focuses on three areas at the cross-section of the fintech space: consumer-facing financial and banking, regulatory counseling and investigations, payment card industry, including brand operating rules and data security standards; money transmission; and prepaid card access on behalf of leading merchants, payment processors and industry vendors. Barrie advises on transactions involving the payment systems participants, including large merchants and financial technology companies, with respect to payment acceptance, payment issuance, co-brand agreements, payment card industry data security issues, and payment regulatory matters. In addition, Barrie has deep experience advising corporate and private equity clients in M&A contexts and other investments in fintech. Barrie represents payment card issuing and merchant acquiring banks (including acquiring a card program for one of the Top 5 largest financial institutions, negotiating cobrand agreements for a large issuing bank and a sports franchise, and negotiating novel payment acceptance methods for more traditional merchants). She helps fintechs navigate the banking and money transmission rules, including representing new market entrants into the US.
Barrie is a sought after speaker on the evolving regulatory and compliance issues surrounding payments and related e-commerce matters. Prior to joining Orrick, Barrie was a partner at Manatt, Phelps & Phillips LLP.
August 28, 2017 marks the end of the initial 180-day grace period for compliance under the New York Department of Financial Services’ “first-in-the-nation” cybersecurity regulations (the “Rules”). The initial regulations were proposed last year, but NY DFS received robust public comments that led to significant amendments. While the proposed regulations set out proscriptive, one-size-fits-all requirements, the final Rules align more closely to flexible federal, financial sector guidance, captured in the NIST cybersecurity framework and the FFIEC cybersecurity assessment tool. Accordingly, the final Rules require that cybersecurity programs be calibrated to periodic “risk assessments” that give entities discretion to specify the criteria used to identify, evaluate, and remediate risks, in the context of technological developments and corporate controls.
While covered entities are technically required to be in compliance with the Rules as of Monday, there are additional transitional periods for certain items (see below), and entities have until February 15, 2018 to submit their first certifications to NY DFS. For organizations still working through compliance requirements, the below steps may help to prioritize and implement a work plan. READ MORE
Just as it promised a year ago, New York State proposed new proscriptive, minimum cybersecurity requirements for regulated financial services institutions. The regulations go final after a 45-day notice and public comment period. At that point, entities regulated by the NYDFS will be subject to the nation’s first proscriptive set of cybersecurity requirements in contrast to the usual risk-based cybersecurity programs mandated by other financial regulators to date. Thus, unlike previous guidance and reports issued by financial regulators such as FINRA and the SEC, New York’s rules are specific requirements that all regulated financial institutions must adopt.. In this Part I, we review the proposed requirements, and offer some specific steps that regulated financial services institutions should begin to consider for compliance readiness.
On July 29, 2016, the Southern District of New York, in Meyer v. Kalanick, refused to enforce mandatory arbitration and jury waiver provisions against a putative class of Uber consumers. In a lengthy and strongly worded decision by Judge Rakoff, the Court held that consumers had not received sufficient notice of, and did not assent to, the online terms of service that contained the arbitration and waiver clauses at issue.
Every company that seeks to implement contractual commitments through online terms and policies should pay close attention to this decision. While not binding in other jurisdictions outside the SDNY, Meyer reflects a growing trend of more exacting judicial scrutiny on the enforceability of online agreements across the country, and represents an important development in a rapidly developing area of the law.