Stephen resolves investigations, inquiries, and disputes involving state attorneys general and other state and federal enforcement bodies. With a long track record and in-depth understanding of government actions, he helps clients address their most pressing challenges.

Overview
Representative Matters
Insights
Awards

Stephen leads the firm’s Regulatory Investigations, Strategy + Enforcement (RISE) Practice Group, representing clients in single and multistate enforcement actions, including inquiries and investigations involving state attorneys general and other state and federal governmental enforcement bodies including the CFPB and FTC. He regularly represents clients in highly regulated sectors such as financial services, emerging technologies, health care, insurance, and education.

Stephen also leverages his extensive regulatory experience to assist clients in the gaming industry. He provides strategic guidance on navigating complex regulatory and permitting processes, developing new projects, and managing potential litigation. Stephen applies a thorough understanding of the rapidly-changing regulatory environment to his work with clients in the gaming space, helping clients with their compliance and fostering successful interactions with state and federal regulators.

As co-leader of the Incidents + Investigations team, Stephen advises clients on government actions and litigation arising from data breaches and other cybersecurity incidents. He combines first-hand knowledge of the government’s priorities and processes with cyber experience to guide clients on all aspects of regulatory investigations into data incidents. Clients also facing parallel litigation involving the collection, security, use, and dissemination of consumer data regularly work with Stephen and his team for comprehensive solutions and risk mitigation strategies.

Stephen applies his wide-ranging experience with matters before government entities to counsel Troutman Strategies’ clients on public policy, advocacy, and government relations issues. He is a recognized thought leader who provides ongoing analysis and commentary on regulatory developments on the firm’s regulatory blog, Regulatory Oversight.

State Attorneys General

  • Representing a national managed health care company in a multistate attorneys general investigation.
  • Representing a national delivery service in a state attorneys general investigation.
  • Representing a national bank in investigations by state attorneys general in multiple states.
  • Representing a private equity company in state attorneys general investigations based on entities in which the company has invested.
  • Represented a financial services company in an investigation brought by the Colorado AG’s office where the AG alleged our client violated the state’s usury laws.
  • Represented a data and information services company in interactions with state attorneys general and other regulators.
  • Represented a loan servicer in interactions with state attorneys general and other state governmental bodies.
  • Representing an international home service contract provider in interactions with state attorneys general and other state governmental and quasi-governmental bodies.
  • Represented an international pharmaceutical company with respect to issues related to knock-off products before state attorneys general.
  • Interact on behalf of client with national attorneys general associations, including the National Association of Attorneys General, the Republican Attorneys General Association, the Democratic Attorneys General Association, and the Attorneys General Alliance.
  • Represented a group of alumnae who sued to prevent the closure of their college. Reached a successful mediated resolution resulting in an agreement to keep the college open under new leadership.

Gaming

  • Representing a payment processing company nationwide on licensing and regulatory issues.
  • Obtained favorable attorney general opinions on the legality of sweepstakes games.
  • Provided regulatory advice for the acquisition of horseracing and gambling facility.
  • Drafted legislation on behalf of a local government to legalize and tax games of skill.
  • Represent skill game companies in interpreting and complying with current laws and in developing laws relating to their business model.

Regulatory Privacy + Cybersecurity

  • Representing a national managed health care company in a multistate attorneys general investigation related to a data security incident.
  • Representing various local government entities in response to data incident investigations.
  • Represented a publicly traded company recognized as the world’s leading cloud software provider, in a multistate attorneys general investigation, as well as subsequent matters related to FTC, HHS-OCR, and SEC investigations, stemming from a data breach.
  • Advised on congressional inquiries regarding various data incidents.

Local Government Law

  • Advise local governments and other government bodies on responding to regulatory inquiries regarding cyber incidents.
  • Represented and advised local government bodies on a wide range of issues, including government structure, boundary adjustments and disputes, annexations, consolidations, and disputes over utility service both inside and outside local boundaries.
  • Advise clients dealing with zoning and land use issues.
  • Represented local, state, and national campaigns, candidates, and government bodies dealing with election law issues, recounts, challenges to qualifications, and Voting Rights Act challenges.
  • Defended local government bodies and individuals charged with civil and criminal malfeasance in office.
  • Best Lawyers in America®: Administrative / Regulatory Law (2024)
  • Legal 500 United States for Government: State Attorneys General (2023-2025)
  • Lawdragon: 500 Global Leaders in Crisis Management (2025)
  • Rising Star, Virginia Super Lawyers (2010, 2013-2017)

Stephen leads the firm’s Regulatory Investigations, Strategy + Enforcement (RISE) Practice Group, representing clients in single and multistate enforcement actions, including inquiries and investigations involving state attorneys general and other state and federal governmental enforcement bodies including the CFPB and FTC. He regularly represents clients in highly regulated sectors such as financial services, emerging technologies, health care, insurance, and education.

Stephen also leverages his extensive regulatory experience to assist clients in the gaming industry. He provides strategic guidance on navigating complex regulatory and permitting processes, developing new projects, and managing potential litigation. Stephen applies a thorough understanding of the rapidly-changing regulatory environment to his work with clients in the gaming space, helping clients with their compliance and fostering successful interactions with state and federal regulators.

As co-leader of the Incidents + Investigations team, Stephen advises clients on government actions and litigation arising from data breaches and other cybersecurity incidents. He combines first-hand knowledge of the government’s priorities and processes with cyber experience to guide clients on all aspects of regulatory investigations into data incidents. Clients also facing parallel litigation involving the collection, security, use, and dissemination of consumer data regularly work with Stephen and his team for comprehensive solutions and risk mitigation strategies.

Stephen applies his wide-ranging experience with matters before government entities to counsel Troutman Strategies’ clients on public policy, advocacy, and government relations issues. He is a recognized thought leader who provides ongoing analysis and commentary on regulatory developments on the firm’s regulatory blog, Regulatory Oversight.

State Attorneys General

  • Representing a national managed health care company in a multistate attorneys general investigation.
  • Representing a national delivery service in a state attorneys general investigation.
  • Representing a national bank in investigations by state attorneys general in multiple states.
  • Representing a private equity company in state attorneys general investigations based on entities in which the company has invested.
  • Represented a financial services company in an investigation brought by the Colorado AG’s office where the AG alleged our client violated the state’s usury laws.
  • Represented a data and information services company in interactions with state attorneys general and other regulators.
  • Represented a loan servicer in interactions with state attorneys general and other state governmental bodies.
  • Representing an international home service contract provider in interactions with state attorneys general and other state governmental and quasi-governmental bodies.
  • Represented an international pharmaceutical company with respect to issues related to knock-off products before state attorneys general.
  • Interact on behalf of client with national attorneys general associations, including the National Association of Attorneys General, the Republican Attorneys General Association, the Democratic Attorneys General Association, and the Attorneys General Alliance.
  • Represented a group of alumnae who sued to prevent the closure of their college. Reached a successful mediated resolution resulting in an agreement to keep the college open under new leadership.

Gaming

  • Representing a payment processing company nationwide on licensing and regulatory issues.
  • Obtained favorable attorney general opinions on the legality of sweepstakes games.
  • Provided regulatory advice for the acquisition of horseracing and gambling facility.
  • Drafted legislation on behalf of a local government to legalize and tax games of skill.
  • Represent skill game companies in interpreting and complying with current laws and in developing laws relating to their business model.

Regulatory Privacy + Cybersecurity

  • Representing a national managed health care company in a multistate attorneys general investigation related to a data security incident.
  • Representing various local government entities in response to data incident investigations.
  • Represented a publicly traded company recognized as the world’s leading cloud software provider, in a multistate attorneys general investigation, as well as subsequent matters related to FTC, HHS-OCR, and SEC investigations, stemming from a data breach.
  • Advised on congressional inquiries regarding various data incidents.

Local Government Law

  • Advise local governments and other government bodies on responding to regulatory inquiries regarding cyber incidents.
  • Represented and advised local government bodies on a wide range of issues, including government structure, boundary adjustments and disputes, annexations, consolidations, and disputes over utility service both inside and outside local boundaries.
  • Advise clients dealing with zoning and land use issues.
  • Represented local, state, and national campaigns, candidates, and government bodies dealing with election law issues, recounts, challenges to qualifications, and Voting Rights Act challenges.
  • Defended local government bodies and individuals charged with civil and criminal malfeasance in office.
  • Best Lawyers in America®: Administrative / Regulatory Law (2024)
  • Legal 500 United States for Government: State Attorneys General (2023-2025)
  • Lawdragon: 500 Global Leaders in Crisis Management (2025)
  • Rising Star, Virginia Super Lawyers (2010, 2013-2017)
  • Member, Section of State and Local Government Law and State Attorneys General and Department of Justice Issues Committee, American Bar Association
  • President (2014-2017), Board of Directors, Disability Law Center of Virginia Foundation
  • Local Government Attorneys of Virginia
  • Summer law clerk, Hon. James H. Michael, Jr., U.S. District Court for the Western District of Virginia, 2003
  • Communications director, U.S. Representative Mike Pence (IN-02), Washington, D.C., 2001-2002
  • Deputy press secretary, U.S. Senator Sam Brownback (KS), Washington, D.C., 2000-2001
  • Legislative correspondent, U.S. Representative Joseph R. Pitts (PA-16), Washington, D.C., 1999-2000

Education

  • University of Virginia School of Law, J.D., 2005, editor-in-chief, Virginia Journal of International Law
  • Duke University, A.B., cum laude, 1999

Bar Admissions

  • Virginia

Court Admissions

  • U.S. District Court, Middle District of Pennsylvania
  • U.S. District Court, Eastern District of Virginia
  • U.S. District Court, Western District of Virginia
  • U.S. Court of Appeals, Third Circuit
  • U.S. Court of Appeals, Fourth Circuit
  • Supreme Court of the United States
  • Panelist, “Ethical Considerations in the Age of Generative AI,” LGA Fall Conference, October 5, 2024.
  • Co-presenter, “The Interaction of Public Records and Business Under FOIA,” Local Government Attorneys of Virginia Spring 2023 Conference, April 20-22, 2023.
  • Co-presenter, “AG Investigations: Navigating Unwritten Rules, Protecting Confidentiality, and Managing Class Actions Risks,” Strafford Publication, Inc., November 29, 2022.
  • Speaker, “Hot Button Issues and Trends in State and Local Enforcement,” Hispanic National Bar Association Annual Conference and Convention, September 22, 2020.
  • Co-presenter, “Election Law 101: Gearing up for 2021 Redistricting and the Basics of Electoral Board Representation,” Local Government Attorneys of Virginia, Spring 2020 Conference, May 29, 2020.
  • Co-presenter, “Declaratory Judgment Actions: Remedies,” Local Government Attorneys of Virginia Fall 2019 Conference, October 24-26, 2019.
  • Speaker, “Consumer Financial Services Outlook 2019,” Troutman Sanders Webinar, February 12, 2019.
  • Speaker, “Protecting Confidentiality When Sharing Information With Regulators,” December 12, 2017.
  • Co-presenter, “When Third Parties Come Uninvited: Tortious Interference and Covenants Not to Compete,” Virginia Bar Association, 7th Annual Advanced Business Litigation Institute, September 24, 2016.
  • Panelist, “Telemarketing Sales Rule and Third Party Payment Processors,” Webinar, Third Party Payment Processors Association (TPPPA), January 26, 2016.