Privacy and Cybersecurity Bank Audits


Are Your Controls Adequate To Work with a Large Bank?

Federal regulators are concerned about potentially lax cybersecurity by mortgage originators and other entities that present consumer accounts to large banks. Regulatory pressure has led large banks in recent years to conduct audits of most vendors and business partners that hold nonpublic personal information on their behalf. The banks are looking for substantive security controls, information security policies that have been implemented, and a risk-aware corporate culture. Simply having an information security policy in place is not enough, because a written policy is not necessarily fully implemented.

Ballard Spahr attorneys have spent considerable time with financial institutions of all sizes developing (or fine-tuning) their information security programs. Please find attached our framework for cybersecurity legal services to help clients begin to think about how they can meaningfully evaluate cybersecurity within their enterprise. 

The goal of our cybersecurity reviews is to make compliance routine, giving IT and security teams more time for creative security discussions and threat education. We cannot guarantee that hardened practices will repel every attack, but we can make the hacker's economic model (which seeks rich data through an easy attack vector) much more difficult to carry out. And greater security, with appropriately documented policies, will make those annual audits a far less nerve-racking experience.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Ballard Spahr LLP | Attorney Advertising

Written by: Ballard Spahr LLP
