Skip to main content

Cybersecurity in the Age of Regulators Gone Wild

Speaker(s): Brian E. Finch, Mercedes K. Tunstall
Recorded on: Jun. 22, 2016
PLI Program #: 184127

Brian Finch is a partner in the law firm’s Public Policy practice and is based in Pillsbury’s Washington, DC office. Named by Washingtonian magazine in 2011 as one of the top 40 federal lobbyists under the age of 40 and by Law360 as one of its “Rising Stars” in Privacy Law in 2014, Brian is a recognized authority on global security matters. He specializes in counseling on regulatory and government affairs issues involving the Department of Homeland Security, Congress, the Department of Defense, and other federal agencies. Brian in particular focuses his practice on assisting clients with matters involving cyber security, national defense and intelligence policies, homeland security concerns, and in general providing proactive advice to mitigate liability in the event of a significant security incident.

Areas of Concentration

Brian is a leading authority on the SAFETY Act, a federal statute that can provide liability protection to companies following a terrorist or cyber attack. He has helped prepare over 100 applications for such protections, including for services and technologies such as security guards and vulnerability assessments to software programs and security screening devices. He also testified twice before the U.S. Congress on matters related to the SAFETY Act, and writes regularly about its practical application for business.

Brian is recognized as a leading legal authority on matters related to cyber security, including the legal and policy challenges associated with the consequences of companies suffering a cyber attack, as well as the steps that can be taken to help mitigate the risk of attack as well as post-event litigation.

Brian also regularly advocates on behalf of companies seeking to ensure that federal agencies have sufficient funding for contract vehicles in which they participate.
Brian has represented a wide variety of clients on security matters, including Major League Baseball, FireEye, Inc,, the American Gas Association, the American Public Power Association, the Edison Electric Institute, the National Rural Electric Cooperative Association, Honeywell International, L-3 Communications, Emgerent BioSolutions, Washington Gas, Brookfield Office Properties, G4S, and McAfee Inc.


Prior to joining Pillsbury, Brian practiced with two Washington, DC law firms and worked as a legal intern with the Office of Chief Counsel of the Drug Enforcement Administration, U.S. Department of Justice.

Professional Activities

Brian is a senior advisor to the Homeland Security and Defense Council, serves the National Center for Spectator Sports Safety and Security’s advisory board, and as an inaugural Senior Fellow at George Washington University’s Homeland Security Policy Institute. Brian is a professorial lecturer in law at The George Washington University Law School, where he co-teaches homeland security law and policy.

Brian regularly speaks and writes on security issues. He has cyber security blog on The Huffington Post, a regular cyber security column on the Fox Business website, and appears regularly on cable news as a security expert. He also has authored or co-authored articles for the Wall Street Journal, Politico, The Hill, National Journal, The Washington Times, and other publications.

Honors & Awards
  • Law360 – Rising Stars, April 2014
  • Washingtonian 40 Lobbyists Under 40, March 2011
Speaking Engagements

Information Security Issues, Practising Law Institute Financial Services IT 2014: Avoidance of Risk Seminar, May 21, 2014

Cybersecurity: Progress and Challenges to Keep Your Co-Op Safe, National Rural Electric Cooperative Association Legal Seminar 54, May 20-21, 2014

Cultivating Ethics: Mitigation Vulnerability to Cyber and Data Security Threats in Order to Maintain Client Confidentiality, Virtual LegalTech, May 15, 2014

Insight on Cyber Security Strategies, Cyber Security and Countering Corporate Espionage Symposium, May 1, 2014

Surviving the Cyber Tsunami: Cybersecurity Worries and Opportunities for Security Contractors, 2014

Security Industry Association Education@International Security Conference and Exposition West, April 2, 2014

Mercedes Tunstall is a partner in the law firm’s Public Policy practice and is located in the Washington, DC office. Ms. Tunstall counsels clients on compliance with consumer financial services laws, including unfair, deceptive, and abusive acts or practices, as well as the investigations, rulemakings, and proceedings of the Consumer Financial Protection Bureau and the Federal Trade Commission. Her practice covers a range of consumer products, including deposits, credit cards, reverse mortgages, prepaid cards and electronic fund transfers.

Ms. Tunstall has substantial experience working with clients to develop new financial products and services, including mobile wallets, virtual currencies, and prepaid cards. These engagements typically include negotiating agreements with technology vendors, reviewing technical designs, privacy and data security concerns.

She also works with clients from a spectrum of industries on mobile and other e-commerce initiatives, privacy and cybersecurity issues, and the use of social networking sites for marketing, customer service, and crowdsourcing purposes. She has testified on virtual currencies before two subcommittees of the U.S. Senate Committee on Banking, Housing and Urban Affairs.

Prior to joining Pillsbury, Ms. Tunstall was a partner and practice leader of Ballard Spahr’s Privacy and Data Security Group. Before joining Ballard Spahr, Ms. Tunstall was lead counsel for Global Marketing and Deposits at Ally Financial. She also worked in-house for Bank of America, where she managed all legal aspects of e-commerce, and at HSBC, where she managed consumer financial services litigation.

Ms. Tunstall was a Staff Attorney at the Federal Trade Commission, where she investigated and litigated the Commission’s first Internet hijacking case, among other Internet fraud matters.

Honors & Awards
  • Legal 500 US, Cyber Crime (2015)
  • Chambers USA, Financial Services Regulation: Consumer Finance (Compliance) (2015)

Speaking Engagements

“Bank Cyber Security and Regulatory Imperatives”, webinar for American Banker, December 12, 2014

“Cybersecurity for Financial Institutions”, webinar for NEACH, October 29, 2014

“Best Practices in Selling Debt Cancellation Products”, AON Integramark Annual Legal and Regulatory Seminar, Atlanta, GA, October 23, 2014

“Hackers and Cyber Threats: No Longer Just a Hollywood Movie Plot”, Panel Moderator, M&A East 2014, Philadelphia, PA, October 8, 2014

“Best Practices for Mitigating Privacy and Data Security Risks in the Emerging Payments Market”, 8th National Forum on Emerging Payments Systems Balancing Innovation with Consumer Protections, Washington, DC, September 22, 2014

“Cybersecurity for Mortgage Market Participants”, Mortgage Bankers Association Quality and Assurance Meeting, Miami, FL, September 8, 2014

“Vendor Management: Give the Regulators What They Want”, webinar for the American Banker, June 25, 2014

“Online Lending and CFPB Expectations”, webinar for BNA, May 20, 2014

“Managing Digital Risks: Mobile, Social Media and Disclosure”, American Bankers Association Regional General Counsels Meeting, Washington, DC, May 2, 2014

"Cybersecurity: Best Practices for Financial Institutions," webinar, July 16, 2014

"The CFPB's First 1,000 Days," webinar, April 16, 2014

"Dos and Don'ts of Advertising Credit Cards, Prepaid Cards, and Deposits," webinar, March 18, 2014

"The CFPB's Financial Literacy Mandate: What It Means for Industry," webinar, March 11, 2014

“Emerging Payments and Privacy and Data Security”, International Association of Privacy Professionals Global Privacy Event, Washington, DC, March 7, 2014

"Credit Cards: Getting Ready for More CFPB Scrutiny," webinar, February 19, 2014

“Social Media Red Flags: How to Stay on the Right Side of the FFIEC’s Final Guidance”, webinar for the American Banker, February 5, 2014

"Securing Critical Infrastructure: An Update on the Administration's Cybersecurity Standards," webinar, December 4, 2013

"A New World for International Money Transfers: Complying with the CFPB's Remittance Transfer Rule," webinar, November 22, 2013

"Enterprise Network Security," Part V in a Series of CISO Executive Network Breakfast Roundtables, Washington, D.C., October 1, 2013; and Philadelphia, October 10, 2013

"Endpoint and Mobile Device Security," Part IV in a Series of CISO Executive Network Breakfast Roundtables, Washington, D.C., August 20, 2013; and Philadelphia, August 29, 2013

"UDAAP Front and Center – Mitigating Risk," webinar, August 7, 2013

"The ABCs of Consumer Privacy Communications," webinar, June 28, 2013

"Mobile Advertising Review: Creating Effective Advertising Review Policies and Procedures in the Digital Age," webinar, June 5, 2013

"Online Disclosures 101: FTC Dot-Com and Mobile Disclosures," webinar, April 15, 2013

"Cybersecurity – From Advanced Threat Awareness to Preparedness: Creating a Security-Aware Corporate Culture," webinar, April 2, 2013

"The CFPB and Prepaid Cards: Critical Updates on the Bureau’s Activity and What the Prepaid Industry Can Expect Going Forward" and "Post-Conference Master Class – Emerging Payment Systems: Legal, Regulatory, and Compliance Considerations for New Technologies and Evolving Products," American Conference Institute's 7th National Forum on Prepaid Card Compliance, Washington, D.C., January 29 and 30, 2013

"The National Mortgage Database, by the Numbers," webinar, January 8, 2013

"The Latest Developments in Mobile Banking and Commerce and Tips for Handling the Mobile Banking and Commerce Applications Your Clients Are Starting To Use," 2013 Winter Meeting of the American Bar Association, Business Law Section, Consumer Financial Services Committee, Naples, Fla., January 8, 2013

"Advertising Dos and Don'ts for Mortgage Lenders and Brokers," webinar, December 6, 2012

Panelist, "Getting Mobile: Using the Mobile Channel To Deliver Consumer Financial Services and Reach New Customers," webinar, September 13, 2012

Panelist, "Service Provider Relationships in the CFPB Era: Safeguarding Yourself from Regulatory Liability," webinar, June 20, 2012

Panelist, "Business Method Patents and Financial Institutions: Opportunities and Risks," webinar, December 1, 2011

Panelist, "The First Anniversary of the Consumer Financial Protection Bureau," webinar, July 21, 2011

"You Like This: Using Social Media Channels To Reach Consumers," webinar, February 17, 2011


District of Columbia
U.S. District Court for the Eastern District of Virginia