Privacy and Cybersecurity Bank Audits

more+
less-

Are Your Controls Adequate To Work with a Large Bank?

Federal regulators are concerned about potentially lax cybersecurity by mortgage originators and other entities that present consumer accounts to large banks. Regulatory pressure has led large banks in recent years to conduct audits on most vendors and business partners that hold nonpublic personal information on their behalf. The banks are looking for substantive security controls, information security policies that have been implemented, and a risk-aware corporate culture. It is not enough to simply have an information security policy in place because it may not necessarily be fully implemented.

Ballard Spahr attorneys have spent considerable time with financial institutions of all sizes developing (or fine-tuning) their information security programs. Please find attached our framework for cybersecurity legal services to help clients begin to think about how they can meaningfully evaluate cybersecurity within their enterprise. 

The goal of our cybersecurity reviews is to make compliance routine, giving IT and security teams more time for creative security discussions and threat education. We cannot guarantee that hardened practices will repel every attack, but we can make the hacker economic model (which seeks rich data in an easy attack vector) much more difficult. And greater security, with appropriately documented policies, will make those annual audits a far less nerve-racking experience.