Download What Banks Need From Law Firms

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

Document related concepts

Financialization wikipedia , lookup

Transcript 
Page 20
Trends in the Massachusetts Legal Market – Sponsored Content
What Banks Need From Law Firms
By Michael Ouellet
Many law firms across
Massachusetts rely on
banks and other financial
institutions for a considerable amount of business.
In fact the state’s financial
institutions are directly,
and indirectly, responsible
for purchasing millions of dollars worth of
legal services annually. To continue to capture this business law firms must provide astute advice and service to their banking clients at reasonable rates. But are you aware
that financial institutions also want their law
firm advisors to have robust information security programs?
To effectively serve their customers and
comply with laws and regulations that govern the banking industry, banks and other financial institutions collect and maintain
large amounts of sensitive information. As
noted by the Federal Financial Institutions
Examination Council (FFIEC) in its IT Examination Handbook, information is one of
a financial institution’s most important assets. As such, financial institutions must
protect these assets to establish and maintain trust with customers, comply with the
law and protect their reputation. We are all
very familiar with the damage that can occur when sensitive personal or company
LAW FIRM BANKING
Forward-looking solutions
Within the Massachusetts legal community, we stand as a trusted
partner committed to supporting your firm. We do this by crafting
solutions that solve today’s problems and create future opportunities.
As one of the nation’s leading commercial banks, we have the strategic
expertise and financial strength to help you reach your goals.
Visit us at citizenslawfirmbanking.com or call:
Richard Dowd
Senior Vice President
617.994.7105
[email protected]
Lisa Murray
Senior Vice President
617.725.5667
[email protected]
Michael Ouellet
Senior Vice President
617.994.7065
[email protected]
©2015 Citizens Financial Group, Inc. All rights reserved. Citizens Commercial Banking is
a brand name of Citizens Bank, N.A. and Citizens Bank of Pennsylvania. Member FDIC.
information falls into the hands of someone with ill intent. To avoid those problems
and ensure that financial institutions are in
fact doing everything necessary to protect
sensitive information, bank examiners regularly evaluate the information security systems, procedures and practices of financial
institutions. Because financial institutions
sometimes need to share sensitive information with law firms, the examiners also often
review whether financial institutions have a
rigorous vendor assurance program in place.
This program is designed to ensure that law
firms that receive sensitive information also
have rigorous information security systems
and practices. Firms that don’t have such
systems and practices will find it difficult, if
not impossible, to continue to receive legal
work from many financial institutions. Law
firms should of course have robust information security programs in place already. The
need to comply with the requirements of
their financial institution clients is one more
reason to take another look at their existing
program and strengthen it where necessary.
This begs at least two questions. First, what
constitutes adequate information security systems and practices? Second, how do we know
if a law firm has information systems and
practices that are adequate? Regarding the latter, a bank’s vendor assurance program will include a thorough audit of the information security systems and practices of law firms that
perform legal services for the bank. This audit
can be performed on site or remotely and will
assess a firm’s information security program
against standards and best practices that the
bank and its regulators believe are necessary
to protect sensitive information.
And what about those information security programs? While each financial institution will have its own criteria for evaluating law firms and other vendors and a robust
program will have many elements, Citizens
wants a firm to have a written information
security policy that is reviewed and updated
regularly. These policies should be “owned”
by senior partners or executives within the
firm and communicated to staff. Staff should
be trained on the policies and acknowledge
their obligation to maintain client confidentiality annually. A firm should also conduct
audits of its policies to ensure compliance
and information security roles and responsibilities should be clearly defined and documented. Regular risk assessments should
also be conducted to identify new information security risks and policies and controls
updated accordingly.
Some policies are fairly obvious such as
keeping desks clear of sensitive information
which should be stored in locked file cabinets
when not in use. It is also sensible to dispose
of sensitive information in a secure waste receptacle for later shredding. Access to IT systems should also be controlled by robust passwords that should be changed regularly. Less
obvious perhaps is the importance of maintaining an inventory of IT hardware, particularly laptop and other mobile computing devices. Since many firms arm their attorneys
with such devices and those devices are often used outside the office, it is important that
those devices be password protected and fully
encrypted if possible. When hardware is retired the firm must ensure that the device is
fully erased and destroyed so that any sensitive information that had been stored on the
device cannot be accessed. It is also important that firms conduct background checks on
their employees which include a criminal record and credit check. We also want firms to
control access to the sensitive information that
we provide to only those that are working on
that particular matter.
These are just a sampling of the elements
that Citizens will consider when assessing the
adequacy of a law firm’s information security program. What is most important for law
firms to know is that Citizens and other financial institutions will be assessing their information security programs so they should be prepared. Consulting with experts in information
security is a good place to begin.
Michael is a senior vice president
with Citizens Commercial Banking’s
Professionals Banking Team. The
team has been providing credit and
other banking services to law firms
in Greater Boston for over 30 years.
This team has the experience, knowledge and solutions to help law firms
succeed as evidenced by Citizens
being the bank of choice for many
of the top 100 firms in Boston, not to
mention local Bar Associations and
Legal Aid Organizations. Michael can
be reached at michael.ouellet@
citizensbank.com.
Related documents
Chapter 7, Section 3 Questions
Chapter 7, Section 3 Questions
Abstract
Abstract
Jeopardy - Cloudfront.net
Jeopardy - Cloudfront.net
SECONDARY MARKET FIRMS The following companies buy and
SECONDARY MARKET FIRMS The following companies buy and
Unit 4.1 The Role of Marketing The Role of Marketing
Unit 4.1 The Role of Marketing The Role of Marketing
PEST
PEST
internal and external business environment
internal and external business environment
Agency Construction Management
Agency Construction Management
download soal
download soal
Unit 3: Supply and Demand
Unit 3: Supply and Demand