Financial Services Cyber-Compliance

Overview

Financial services companies are facing increased scrutiny from regulators related to the security of their information systems and protection of customer information. The New York Department of Financial Services is requiring banks, insurance companies, and other financial service providers to comply with its 2017 cybersecurity regulation. This landmark law includes significant new operational, technology, and reporting requirements. With more states expected to follow New York’s lead, Robinson+Cole’s Financial Services Cyber-Compliance Team (the CyFi Team) can help assess your company’s risks and develop policies, procedures, and programs to comply with these new regulatory requirements.

Our Services

We provide guidance on: 

  • electronic filing requirements
  • implementation of an enterprise-wide cybersecurity program, including adoption of required written cybersecurity policies and procedures to comply with applicable state and federal laws
  • user access control assessments and user monitoring, including recommendations for limitations
  • data breach and security incident response reporting requirements 
  • incident response and disaster recovery plans
  • tabletop exercises to prepare for a security incident
  • statutorily required technological solutions for cybersecurity, including multi-factor authentication, requirements for penetration testing and risk assessments, and encryption
  • staff training and education
  • board and C-Suite education on cyber risks
  • selecting vendors to perform risk assessments
  • document and data retention policies and procedures
  • secure data disposal procedures and retention
  • audit trails of network activity and significant transactions
  • comprehensive cybersecurity risk management programs for third party service providers
  • compliance planning
  • enforcement actions
  • litigation
  • evaluation of cyberliability insurance coverage

Our Team

Our lawyers have extensive experience with regulatory compliance and enforcement matters, and with data privacy and cybersecurity issues. We can assist you with preparing, implementing, and monitoring a full cybersecurity program in compliance with regulatory requirements. We partner with forensic firms and information technology vendors to perform and evaluate risk assessments, and then adapt cybersecurity policies, procedures and plans to address risks identified through those assessments. We draft, implement and execute incident response plans for security incidents and data breaches. We assist with data breach response, notification, enforcement actions and litigation. We also provide training and monitoring services in connection with cybersecurity programs. 

    • News
      • January 21, 2021

        Norm Roos Quoted on Regulators’ Approach to Fintechs in CQ Roll Call Article

    • Publications + Presentations
    • "Vendor Management: Ensuring Compliance with Privacy and Cybersecurity Requirements," presented by Kathleen M. Porter, at the 20th Annual Practicing Law Institute's Privacy and Data Security Law Conference in Chicago (6/4/2019)
