Privacy and Cybersecurity Bank Audits


Are Your Controls Adequate To Work with a Large Bank?

Federal regulators are concerned about potentially lax cybersecurity by mortgage originators and other entities that present consumer accounts to large banks. Regulatory pressure has led large banks in recent years to conduct audits on most vendors and business partners that hold nonpublic personal information on their behalf. The banks are looking for substantive security controls, information security policies that have been implemented, and a risk-aware corporate culture. It is not enough to simply have an information security policy in place because it may not necessarily be fully implemented.

Ballard Spahr attorneys have spent considerable time with financial institutions of all sizes developing (or fine-tuning) their information security programs. Please find attached our framework for cybersecurity legal services to help clients begin to think about how they can meaningfully evaluate cybersecurity within their enterprise. 

The goal of our cybersecurity reviews is to make compliance routine, giving IT and security teams more time for creative security discussions and threat education. We cannot guarantee that hardened practices will repel every attack, but we can make the hacker economic model (which seeks rich data in an easy attack vector) much more difficult. And greater security, with appropriately documented policies, will make those annual audits a far less nerve-racking experience.

Written by:

Published In:

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Ballard Spahr LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.