Magda Gathani

Managing Associate

Washington, D.C.

Magda Gathani assists clients in a wide range of regulatory, compliance and licensing matters. She represents financial institutions and fintech companies, including money transmitters, online marketplace providers, cryptocurrency exchanges and custodians, and various related service providers.

Magda advises payments companies and commercial clients engaged in money transmission with regard to federal and state compliance, including the Bank Secrecy Act (BSA), anti-money-laundering (AML) laws, licensing obligations and consumer compliance. She also counsels clients on consumer privacy issues arising from the Gramm-Leach-Bliley Act (GLBA) and Regulation P, the California Consumer Privacy Act (CCPA), the New York Department of Financial Services (NYDFS) Cybersecurity Rules, and other state and federal laws that address data privacy and information security.

Prior to joining Orrick, Magda was an associate at Buckley LLP.

She is a Certified Information Privacy Professional (CIPP/US).

  • Magda’s representative matters include:

    • Advising clients on the applicability of the BSA and state money-transmitter licensing laws to existing and proposed practices, including analysis of applicable exemptions
    • Representing clients in response to regulatory inquiries or examination findings related to money transmission compliance
    • Addressing payments regulatory and licensing issues for transactional matters
    • Assisting a large financial institution in an AML-related internal investigation
    • Advising a Latin American e-commerce and digital payments company on the applicability of OFAC requirements to various business models

    Magda’s recent privacy and data security experience includes:

    • Assisting clients in designing and implementing CCPA compliance programs, including advising on GLBA exemption
    • Drafting privacy policies, procedures, and website disclosures for financial and non-financial institutions
    • Preparing privacy and cybersecurity law inventories tailored to a national bank’s and insurance company’s business models to allow for identification of regulatory requirements in their daily operations
    • Advising a bank on whether its practices with respect to hashed data triggered Regulation P when shared with third-party joint marketing partners