Tom C. Vincent

Partner | Corporate

About

Tom Vincent is a Partner at Pierson Ferdinand LLP, a Certified Information Systems Security Professional (CISSP), Certified Regulatory Compliance Manager (CRCM), and Certified Information Privacy Professional (CIPP/US). Tom approaches cybersecurity and privacy not just as technical issues but as questions of identity, autonomy, and trust. With over twenty years in banking and regulatory leadership—including roles as Chief Compliance Officer, BSA/AML Compliance Officer, HIPAA Compliance Officer, and Corporate Secretary—he brings an insider’s perspective on how regulation, risk, and reputation converge. Today, Tom counsels financial institutions, technology startups, and healthcare organizations on cybersecurity, data privacy, and corporate governance, helping them move from compliance to accountability while preserving their corporate identity.

  • As an Adjunct Professor of Cybersecurity Law and Policy at The University of Tulsa College of Law and a mentor to privacy practitioners, Tom teaches how digital governance intersects with human ethics. He guides lawyers, compliance officers, and privacy and security professionals in developing careers rooted in integrity, helping them navigate complex intersections of law, technology, and inclusion with clarity and purpose.


Practices

  • Banking and Financial Services

  • Broker-Dealer Regulation

  • FinTech and Blockchain

  • Healthcare

  • Information Security

  • Privacy and Data Protection

  • Regulatory Law & Government Contracts

  • Securities

  • Technology

Admissions

  • Oklahoma

  • District of Columbia


Education

  • Washington and Lee University School of Law, J.D.

  • Southern Methodist University, B.S.


Memberships and Affiliations

  • Oklahoma Bar Association

  • Tulsa County Bar Association

  • American Bar Association

  • International Association of Privacy Professionals


Recognition

  • Best Lawyers, 2024-2026, FinTech Practice and Privacy and Data Security Law

  • Oklahoma Bar Association, 2023, Ada Lois Sipuel Fisher Diversity Award

Law Firm Experience

  • Gable & Gotwals, A Professional Corporation


Corporate and Faculty Experience

  • Adjunct Professor, Cyber Law and Policy, The University of Tulsa College of Law

  • Chief Compliance Officer/Anti-Money Laundering (AML/BSA) Officer/HIPAA Compliance Officer, The F&M Bank and Trust Company

  • Chief Compliance Officer and Corporate Secretary, Cavanal Hill Investment Management

  • Chief Compliance Officer, BOSC, Inc. (now BOK Financial Securities, Inc.)

  • Manager, Corporate Governance and Wealth Management Compliance, BOKF, N.A.


Non-Profit Service

  • Past Advisory Board Member, Oklahomans for Equality

  • Past Board member, Tulsa Zoo

  • Past Board member, Riverfield Country Day School Board of Trustees


Representative Matters and Experience

Privacy, Cybersecurity, Data Security, and Artificial Intelligence

  • Designed and implemented regulatory programs—including website disclosures, policies, procedures, training, and risk assessments—to meet FTC, FERPA, GLBA, GDPR, CMMC, and other state, federal, and international requirements.

  • Developed HIPAA compliance programs for healthcare clients, including policies, procedures, risk assessments, and entity-designation analyses for a healthcare mobile application, healthcare clinic, and university, covering covered entity, hybrid entity, and business associate designations.

  • Assessed GDPR and UK GDPR requirements for a U.S. energy company’s overseas acquisition.

  • Guided an international insurance carrier as outside privacy and cybersecurity counsel, including on policy and procedure development, vendor management, and engagement of private investigators.

  • Developed a CMMC compliance plan for a Department of Defense subcontractor, incident response plans for financial institutions and professional services firms, and Transportation Security Administration-required security measures for critical infrastructure.

  • Oversaw engagement of security firms for penetration testing and other security assessments, with request-for-proposal management and engagement agreement negotiation.

  • Directed insurance-approved breach response matters for privacy and security incidents across multiple states, territories, and countries, including reporting analysis, customer communications, agency communications, and insurance policy review for coverage sufficiency.

  • Drafted policies and developed controls for AI usage by clients and their vendors to ensure compliance with applicable laws and regulations, and provided training on ethical AI usage.

  • Developed an AI operational risk mitigation program, including governance structure, risk management framework, policies, and procedures for the development, implementation, use, and validation of AI systems.

FinTech, Financial Services, and BSA/AML

  • Negotiated FinTech agreement execution and termination, incorporated customer disclosures, and responded to banking agency compliance inquiries.

  • Analyzed cryptocurrency-secured lending and financing arrangements for consumer, vendor, finder, crowdfunding, and other financial services compliance issues.

  • Counseled financial institutions on BSA/AML reporting, including CTRs, SARs, and OFAC disclosures.

  • Addressed anti-money laundering, suspicious activity, OFAC reporting, and related financial-crime controls for an international insurance carrier.

Contracts, Third Party Risk, and Professional Services

  • Drafted client agreements, website documentation, and internal onboarding procedures for accounting and technology consulting firms.

  • Coordinated contract administration and third party risk management.

Marketing, Content Review, and Consumer Promotions

  • Reviewed advertising, social media, website, sweepstakes, and electronic transaction content under FTC, TCPA, and other applicable requirements.

  • Served as compliance counsel to a national multimedia company providing online memberships and sweepstakes giveaways.

Nonprofit Governance

  • Reviewed websites, bylaws, policies and procedures, and contracts for nonprofit entities regarding privacy, security, and corporate governance.

Selected Presentations and Podcasts

  • Co-Host, Aligned By Design: CISO X Legal (Podcast – Alias Cybersecurity)

  • “Artificial Intelligence and Fiduciary Obligations: Key Risk Considerations” (Tulsa County Bar Association), May 29, 2026

  • “Intellectual Property: Patenting and Trademarking” (speaking on website requirements, privacy policies, terms of use, and issues in utilizing artificial intelligence) (LAEDA, Inc.), May 28, 2026

  • “I Think, Therefore I Am (The Attorney): Preserving Autonomy Through the Ethical Use of Generative AI” (Lawline), December 10, 2025

  • “The Ethics of Inclusion: Developing the Words, Actions, and Achievements to Change Yourself and Your Practice (2025 Update)” (Lawline), September 22, 2025

  • “Authority and Accountability in Vendor Relationships: Setting Expectations, Avoiding Surprises, and Getting Your Stuff Back” (SECCON 2025 – Alias Cybersecurity), September 12, 2025

  • “Proactively Managing Vendor Relationships: Setting Expectations, Avoiding Surprises, and Getting Your Stuff Back” (Lawline), February 22, 2023

  • “What Now? Post-Breach Cybersecurity Issues: Addressing the Obvious and the Hidden, Not-Initially-Visible, and Otherwise Neglected Causes and Consequences of a Data Breach” (SouthWest Benefits Association), November 8, 2022

  • “Beyond Attorney-Client Privilege: Reconciling Traditional Attorney Issues and an In-House Environment” (Association of Corporate Counsel), September 16, 2022

  • “IT/IT Security, and Legal; Building Mutually Beneficial Relationships” (ISSA), November 8, 2021

  • “Cool to be Kind: The Expectation of Positivity and the Need to Belong” (DisruptHR Tulsa), October 20, 2021

  • “Cybersecurity! Why All the Cool Kids Are Doing It” (with Trent Shores, Oklahoma Association of Municipal Attorneys), September 9, 2021

  • “Avoiding Unintentional Exclusivity: Why the Language We Use Matters” (National Conference of Bar Foundations), July 31, 2021

  • “We’ve Been Hacked! What Do We Do Now?” (ISSA CyberSecurity Roundtable), January 26, 2021

  • “Embrace Your Blur: Using Your Authentic Self to Create Your Career Brand Narrative” (Black Wall Street Chamber of Commerce), November 12, 2020

  • “Courageous Conversations: Beyond the Hashtags” (Mosaic & Luxa Enterprises), August 25, 2020

  • “Life Preservers and Safety Nets: Returning to Work and Staying Afloat in COVID-19’s Wake” (Tulsa Area Human Resources Association’s Learning Lab), May 28, 2020

  • “Oh, What a Tangled Web(site) We Weave” (GableGotwals and Stinnett & Associates Cyber Webinar), May 13, 2020

  • “It’s not what you do, it’s why you do it: Ownership, Obligation, and Information Security” (Workforce Forensics Podcast), April 30, 2020

  • “Unexpected Legal Ethics Work-at-Home Webinar” (Avansic Work at Home Webinars), April 15, 2020

  • “Courageous Conversations Year End Celebration: 50 Shades of Courage” (LUXA 2nd Annual Year End Celebration), December 18, 2019

  • “Best Practices of Employee On-Boarding/Off-Boarding” (Tulsa Area Human Resources Association Employment Law & Practices Seminar), November 7, 2019

  • “To Secure and Protect: Fulfilling the Expectations of Clients (and Others) in Commercial Real Estate and Fiduciary Transactions” (Tulsa Title and Probate Lawyers Association), June 13, 2019

