Megan C. Nicholls


Orange County
Business Phone: 949.622.2789
Business Fax: 949.622.2739


Meg Nicholls is an associate, in the firm’s Consumer Financial Services practice, who focuses on cybersecurity and privacy issues and compliance across the consumer financial services industry. Meg is an experienced regulatory compliance counsel with experience as an internal counsel, positioning her to interact with effectively business, compliance, legal and information security departments. She has extensive experience with the Fair Credit Reporting Act (FCRA) and Regulation V (“Reg V”), Gramm-Leach-Bliley Act (“GLBA”) and regulations promulgated under GLBA, Electronic Signatures in Global and National Commerce Act (“E-Sign”), Fair Debt Collection Practices Act (“FDCPA”) and state law equivalents and various money transmitter and unfair, deceptive and abusive acts or practices laws. She also is a thought leader in alternative data and impact in and on the sharing economy.

Meg works with clients who have information and cyber security programs in varying levels of maturity, and takes a pragmatic approach to helping her clients develop information security policies and procedures in line with each client’s industry practices and responding to security incidents. This includes working with her clients’ information technology, compliance and legal departments to create appropriate work flows in the event of a security incident, draft policies and procedures such as incident response and breach notification plans, create handbooks for various departments to use in the event of a security incident, and assist with lessons learned and remediation efforts post security incident. Meg helps her clients with data classification, record retention, and security best practices. She serves as an integral member to new product development teams to ensure legal and compliance issues are addressed throughout the product development lifecycle.

Meg drafts policy and procedures for financial services companies, including consumer reporting agencies, that document compliance with consumer financial protection and privacy laws and regulations. She also assists those clients in appropriately handling disputes and ensuring assessments are designed to identify systemic issues. She develops test scripts and works with compliance teams to appropriately audit controls contained in FCRA-relevant procedures and report such findings to senior management and boards of directors. Meg has been involved in developing and executing several Consumer Financial Protection Bureau (“CFPB”) readiness programs, including performing in-depth regulator-like audits, both in-house and in private practice. Meg has experience drafting and negotiating data licensing agreements, screening services agreements and playbooks for consumer reporting agencies. She advises her clients on best practices related to onboarding end users such as end user credentialing and required certifications.

Meg has helped to lay the foundation for vendor management programs for multiple clients and provides adhesion to various teams involved in an often complex initiative.

She also assists payment processors to determine money transmitter licensing statuses under federal and state laws. In particular, Meg has interacted with state entities responsible for licensing money transmitters, advocating for exemptions to the requirements for her clients.

Representative Matters

  • Draft policy and procedure manual for consumer reporting agency specializing in employment screening reports.
  • Assist consumer reporting agencies in responding to Federal Trade Commission Civil Investigation Demands.
  • Coordinate with state licensing agencies regarding money transmitter license exceptions for payment processors.
  • Provide regulatory counsel for car sharing platform throughout development, launch and maintenance.
  • Create enterprise-wide compliance training program for captive automobile finance company.
  • Draft, review and audit compliance management systems (“CMS”) for consumer financial service companies.


Presentations and Speaking Engagements

  • Speaker, “Compliance Management Systems – The Next Generation,” National Association of Professional Background Screeners Webinar, September 27, 2017.
  • Speaker, “How to Engage Your Legal Department in Data Incident Response,” Troutman Sanders Privacy Webinar Series, September 21, 2017.

Professional Experience

  • Associate, Troutman Sanders LLP, 2015-present
  • Manager II, Enterprise Compliance, Hyundai Capital America, 2015
  • Corporate Counsel, CoreLogic, 2010-2015



  • University of Dayton, J.D., 2009
  • University of Dayton, B.S., 2004

Bar Admissions

  • California
  • U.S. Patent and Trademark Office