Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Page 20 Trends in the Massachusetts Legal Market – Sponsored Content What Banks Need From Law Firms By Michael Ouellet Many law firms across Massachusetts rely on banks and other financial institutions for a considerable amount of business. In fact the state’s financial institutions are directly, and indirectly, responsible for purchasing millions of dollars worth of legal services annually. To continue to capture this business law firms must provide astute advice and service to their banking clients at reasonable rates. But are you aware that financial institutions also want their law firm advisors to have robust information security programs? To effectively serve their customers and comply with laws and regulations that govern the banking industry, banks and other financial institutions collect and maintain large amounts of sensitive information. As noted by the Federal Financial Institutions Examination Council (FFIEC) in its IT Examination Handbook, information is one of a financial institution’s most important assets. As such, financial institutions must protect these assets to establish and maintain trust with customers, comply with the law and protect their reputation. We are all very familiar with the damage that can occur when sensitive personal or company LAW FIRM BANKING Forward-looking solutions Within the Massachusetts legal community, we stand as a trusted partner committed to supporting your firm. We do this by crafting solutions that solve today’s problems and create future opportunities. As one of the nation’s leading commercial banks, we have the strategic expertise and financial strength to help you reach your goals. Visit us at citizenslawfirmbanking.com or call: Richard Dowd Senior Vice President 617.994.7105 [email protected] Lisa Murray Senior Vice President 617.725.5667 [email protected] Michael Ouellet Senior Vice President 617.994.7065 [email protected] ©2015 Citizens Financial Group, Inc. All rights reserved. Citizens Commercial Banking is a brand name of Citizens Bank, N.A. and Citizens Bank of Pennsylvania. Member FDIC. information falls into the hands of someone with ill intent. To avoid those problems and ensure that financial institutions are in fact doing everything necessary to protect sensitive information, bank examiners regularly evaluate the information security systems, procedures and practices of financial institutions. Because financial institutions sometimes need to share sensitive information with law firms, the examiners also often review whether financial institutions have a rigorous vendor assurance program in place. This program is designed to ensure that law firms that receive sensitive information also have rigorous information security systems and practices. Firms that don’t have such systems and practices will find it difficult, if not impossible, to continue to receive legal work from many financial institutions. Law firms should of course have robust information security programs in place already. The need to comply with the requirements of their financial institution clients is one more reason to take another look at their existing program and strengthen it where necessary. This begs at least two questions. First, what constitutes adequate information security systems and practices? Second, how do we know if a law firm has information systems and practices that are adequate? Regarding the latter, a bank’s vendor assurance program will include a thorough audit of the information security systems and practices of law firms that perform legal services for the bank. This audit can be performed on site or remotely and will assess a firm’s information security program against standards and best practices that the bank and its regulators believe are necessary to protect sensitive information. And what about those information security programs? While each financial institution will have its own criteria for evaluating law firms and other vendors and a robust program will have many elements, Citizens wants a firm to have a written information security policy that is reviewed and updated regularly. These policies should be “owned” by senior partners or executives within the firm and communicated to staff. Staff should be trained on the policies and acknowledge their obligation to maintain client confidentiality annually. A firm should also conduct audits of its policies to ensure compliance and information security roles and responsibilities should be clearly defined and documented. Regular risk assessments should also be conducted to identify new information security risks and policies and controls updated accordingly. Some policies are fairly obvious such as keeping desks clear of sensitive information which should be stored in locked file cabinets when not in use. It is also sensible to dispose of sensitive information in a secure waste receptacle for later shredding. Access to IT systems should also be controlled by robust passwords that should be changed regularly. Less obvious perhaps is the importance of maintaining an inventory of IT hardware, particularly laptop and other mobile computing devices. Since many firms arm their attorneys with such devices and those devices are often used outside the office, it is important that those devices be password protected and fully encrypted if possible. When hardware is retired the firm must ensure that the device is fully erased and destroyed so that any sensitive information that had been stored on the device cannot be accessed. It is also important that firms conduct background checks on their employees which include a criminal record and credit check. We also want firms to control access to the sensitive information that we provide to only those that are working on that particular matter. These are just a sampling of the elements that Citizens will consider when assessing the adequacy of a law firm’s information security program. What is most important for law firms to know is that Citizens and other financial institutions will be assessing their information security programs so they should be prepared. Consulting with experts in information security is a good place to begin. Michael is a senior vice president with Citizens Commercial Banking’s Professionals Banking Team. The team has been providing credit and other banking services to law firms in Greater Boston for over 30 years. This team has the experience, knowledge and solutions to help law firms succeed as evidenced by Citizens being the bank of choice for many of the top 100 firms in Boston, not to mention local Bar Associations and Legal Aid Organizations. Michael can be reached at michael.ouellet@ citizensbank.com.