With many fintechs taking the approach that it’s not if they will suffer a cyber attack but when, Skadden counsel Nicola Kerr-Shaw joins the latest “Fintech Focus episode to discuss how proper preparation can help significantly reduce regulatory scrutiny and sanctions, reputational impact and risk of resultant litigation. A member of the firm’s global Cybersecurity and Data Privacy Practice, Nicola covers notification messaging, regulatory expectations and ransom payment considerations in this discussion with host Joseph Kamyar. “Preparation is key, and even more so for fintechs, given the regulatory environment and personal liability under the SMCR,” she observes.

Top takeaways from this episode

• “Big Bang Effect”: Sometimes, a cyber attack is announced in a dramatic “big bang” – screens going dark, an image alerting you to the attack. Other times, it can be subtle, with certain systems suddenly unavailable for no apparent reason.
• Notifying Stakeholders: Nicola encourages fintechs to have a well-coordinated and well-considered communication strategy that guides response and addresses regulatory requirements.
• Communicating With Staff: Leaders should be prepared to give staff messaging that includes the basics of the event and reminds them not to post to social media.
• Do You Pay? Different laws apply to different jurisdictions, so a company that finds itself a victim of a ransom attack needs to carefully navigate the legal landscape.

Name: Joseph Kamyar

Title: European Counsel, Corporate at Skadden

Specialty: “Fintech Focus” host and European counsel Joseph Kamyar advises on a wide variety of corporate transactions, including cross-border private mergers and acquisitions, fundraisings, joint ventures, corporate reorganizations and general corporate matters, with a particular focus on the financial services, technology and media sectors.

Connect: LinkedIn | Email

Name: Nicola Kerr-Shaw

What she does: Counsel Nicola Kerr-Shaw, a key member of Skadden’s global Cybersecurity and Data Privacy Practice and an authority on AI-related issues, represents financial institutions, technology companies and other businesses in matters pertaining to AI, cybersecurity, data and privacy, and emerging technologies. She works with companies to creatively and effectively help them achieve their commercial goals.

Organization: Skadden

Words of wisdom: “A point to remember for the fintech world is that notification is around enabling individuals to protect themselves. So, [when] things like identity documents, payment mechanisms have been impacted, swift notifications might be key. That being said, though, there is

Alex Drylewski, co-head of Skadden's Web3 and Digital Assets Group, discusses the significant shift in U.S. crypto policy under the Trump administration with host Joseph Kamyar. Alex highlights recent regulatory developments, including the executive order on "Strengthening American Leadership and Digital Financial Technology" and the SEC's formation of a new crypto task force. He shares insight into how these changes signal a pro-innovation environment for crypto builders while still emphasizing fraud prevention. Alex predicts that 2025 will bring increased institutional engagement by non-crypto native players, comprehensive legislation and continued private litigation as the industry seeks the regulatory clarity it has long desired.

Top takeaways from this episode

• Policy Shift: The Trump administration's executive order marks a philosophical change from the previous executive order and emphasizes protection and promotion of innovation, regulatory clarity and technology access rather than focusing on perceived risks.
• SEC Reforms: The SEC has established a crypto task force dedicated to developing a comprehensive regulatory framework, with a focus on drawing clear regulatory lines and
• Institutional Momentum: Traditional financial institutions are expected to increase engagement with crypto assets following the rescinding of SAB 121, which will allow financial institutions to now hold crypto assets on behalf of their customers without incurring the balance sheet and capital impacts.

Name: Joseph Kamyar

Title: European Counsel, Corporate at Skadden

Specialty: “Fintech Focus” host and European counsel Joseph Kamyar advises on a wide variety of corporate transactions, including cross-border private mergers and acquisitions, fundraisings, joint ventures, corporate reorganizations and general corporate matters, with a particular focus on the financial services, technology and media sectors.

Connect: LinkedIn | Email

Name: Alex Drylewski

What he does: Alex Drylewski focuses on high-stakes complex commercial litigation around the world. He has represented companies and individuals across a wide range of industries and disputes, including high-profile litigation involving emerging technologies, government investigations, securities class actions, trials and appeals.

Organization: Skadden

Words of wisdom: “While this order leaves a lot of questions and details unanswered at the moment, it's generally been viewed as a very positive first step in fostering a more innovative pro-crypto environment for digital asset and blockchain-related builders in the...

With regulators increasingly scrutinizing IT and security risks for fintechs, host Joseph Kamyar invites Skadden colleague Susanne Werry for a discussion about the EU’s Digital Operational Resilience Act (DORA), which becomes effective next month.

The act is expected to compel financial entities and relevant technology providers to reexamine existing contracts, policies, procedures and governance arrangements. Susanne, Frankfurt-based counsel in the Cybersecurity and Data Privacy and Artificial Intelligence Groups, offers important takeaways as 2025 draws near. While some companies are well on the way to DORA compliance, she notes, others are in the early stages.

Name: Joseph Kamyar

Title: European Counsel, Corporate at Skadden

Specialty: “Fintech Focus” host and European counsel Joseph Kamyar advises on a wide variety of corporate transactions, including cross-border private mergers and acquisitions, fundraisings, joint ventures, corporate reorganizations and general corporate matters, with a particular focus on the financial services, technology and media sectors.

Connect: LinkedIn | Email

Name: Susanne Werry

What she does: Susanne Werry has extensive experience advising international and domestic clients on issues relating to cybersecurity, data privacy and artificial intelligence. Her work includes counseling multinational clients on strategic projects, crisis management, regulatory compliance and M&A transactions.

Organization: Skadden

Words of wisdom: “Some clients and lots of third-party providers in the markets are drawing up their DORA supplements to their contracts to address the stringent requirements and also to provide their customers with DORA packages, including information that the financial entities will request as part of their own extensive due diligence applications.”

Connect: LinkedIn | Email

☑️ Follow us on X and LinkedIn.

☑️ Subscribe to Fintech Focus on Apple Podcasts, Spotify, or your favorite podcast app.

Fintech Focus is a podcast by Skadden, Arps,...