Tom Vincent

Tom C. Vincent II, CRCM, CIPP/US

Tom C. Vincent II brings extensive experience in regulatory compliance to his practice at GableGotwals. His background includes serving as chief compliance officer for different financial institutions, responsible for ensuring compliance with a myriad of requirements including customer protection, privacy, information security, and corporate governance.  Tom assists his clients with issues involving data security and privacy, including the establishment of cybersecurity programs, negotiation of appropriate protections for client information, breach identification, and required reporting.  Additionally, Tom has experience in investment advisory, broker-dealer and fiduciary compliance, and has held various broker-dealer and investment advisory securities licenses.

Tom regularly presents on cybersecurity issues to a variety of audiences, including attorneys, healthcare practices, human resource professionals, and professional services firms.  He has also presented on trust administration and compliance topics to audiences of attorneys, bankers, and trust professionals.

As both a Certified Regulatory Compliance Manager and Certified Information Privacy Professional/United States, Tom’s hands-on industry experience helps him guide clients though the myriad of state and federal laws, regulations and requirements to ensure compliance and protect them from potential lawsuits and regulatory action.  Currently Tom serves as a member of the Board of Trustees of the Oklahoma Bar Foundation.

Experience includes:

  • Developed and implemented cybersecurity and HIPAA policies, training, and risk assessment processes for different clients, including a healthcare practice group and professional services firm.
  • Served as HIPAA/HI-TECH Security Officer, including performing risk assessments on impacted areas, drafting the HIPAA/HI-TECH policy, and developing appropriate training materials.
  • Review information security incidents to determine reporting responsibilities across multiple states and territories, including development of required customer communications.
  • Development and implementation of an overall compliance management process, including a comprehensive compliance policy, a board-level Compliance and Ethics Committee, and a regulatory surveillance system.
  • Development and implementation of a Gramm-Leach-Bliley compliance program for a university, including risk assessments, training, and policy revisions.
  • Served as a bank’s Bank Secrecy Act and Anti-Money Laundering Compliance Officer and chaired the bank’s Suspicious Activity Review Committee, working with Security, Fraud, and Supervised Assets departments to identify and report suspicious activity as required.
  • Served as Chief Compliance Officer and Corporate Secretary for a broker dealer and an institutional investment adviser to a family of mutual funds.
  • Served as an expert witness for a bank with respect to appraisal requirements under FIRREA.

Presentations include:

  • “The Business of Compliance” (Evanta CISO Executive Summit – Dallas), November 28, 2017
  • “Bringing Your Information Security Program in Line with Your Contractual Promises, or Vice Versa” (Leo Cyber Security Law Conference, November 7 and 8, 2017)
  • “Cybersecurity for Attorneys: First Steps to Protecting Yourself Now – How Attorneys can Protect Themselves Against Cyber Insecurity” (Tulsa County Bar Association), November 8, 2017
  • “There’s No ‘I’ in Breach: Cybersecurity Reinforcements for the General Counsel” (Tulsa General Counsel Group), September 13, 2017


J.D., Washington and Lee University School of Law, 1994

B.S., Southern Methodist University, 1991


Oklahoma Bar Association
Tulsa County Bar Association
American Bar Association
Institute of Certified Bankers
International Association of Privacy Professionals
Oklahoma Bankers Association