Financial Services Cyber-Compliance

Overview

Financial services companies are facing increased scrutiny from regulators related to the security of their information systems and protection of customer information. The New York Department of Financial Services is requiring banks, insurance companies, and other financial service providers to comply with its 2017 cybersecurity regulation. This landmark law includes significant new operational, technology, and reporting requirements. With more states expected to follow New York’s lead, Robinson+Cole’s Financial Services Cyber-Compliance Team (the CyFi Team) can help assess your company’s risks and develop policies, procedures, and programs to comply with these new regulatory requirements.

Our Services

We provide guidance on: 

  • electronic filing requirements
  • implementation of an enterprise-wide cybersecurity program, including adoption of required written cybersecurity policies and procedures to comply with applicable state and federal laws
  • user access control assessments and user monitoring, including recommendations for limitations
  • data breach and security incident response reporting requirements 
  • incident response and disaster recovery plans
  • statutorily required technological solutions for cybersecurity, including multi-factor authentication, requirements for penetration testing and risk assessments, and encryption
  • staff training and education
  • board and C-Suite education on cyber risks
  • selecting vendors to perform risk assessments
  • document and data retention policies and procedures
  • secure data disposal procedures
  • audit trails of network activity and significant transactions
  • comprehensive cybersecurity risk management programs for third party service providers
  • compliance planning
  • enforcement actions
  • litigation
  • cyberliability insurance coverage

Our Team

Our lawyers have extensive experience assisting banking, insurance, and financial services clients with regulatory compliance and enforcement matters, and with data privacy and cybersecurity issues. We can assist you with preparing, implementing, and monitoring a full cybersecurity program in compliance with regulatory requirements. We partner with forensic firms and information technology vendors to perform and evaluate risk assessments, and then adapt cybersecurity policies, procedures and plans to address risks identified through those assessments. We draft, implement and execute incident response plans for security incidents and data breaches. We assist with data breach response, notification, enforcement actions and litigation. We also provide training and monitoring services in connection with cybersecurity programs. Our team members regularly write about cybersecurity matters for the firm’s blog, Data Privacy + Security Insider. Members of our team have garnered national recognition for their efforts. Linn Freedman, chair of the firm’s Data Privacy + Cybersecurity Team, has been nationally ranked in CHAMBERS USA: America's Leading Lawyers for Business in the area of Privacy Law since 2012. Norman Roos, chair of the firm’s Finance Group, has been listed in The Best Lawyers in America© in the areas of Banking and Finance Law and Financial Services Regulation Law since 2012.

Publications + Presentations

  • "Vendor Management: Ensuring Compliance with Privacy and Cybersecurity Requirements," presented by Kathleen M. Porter, at the 20th Annual Practicing Law Institute's Privacy and Data Security Law Conference in Chicago (6/4/2019)
