Noting that ransomware incidents have become increasingly prevalent in the financial services sector, the Federal Financial Institutions Examination Council (FFIEC) today released an update to its Cybersecurity Resource Guide for Financial Institutions (the Guide)—a publication that was last updated in October 2018. View a copy of the updated Guide.

The FFIEC points out that the Guide is designed to support financial sector resilience, that  FFIEC members do not endorse the listed organizations and that use of any of the listed resources is voluntary on the part of regulated financial services institutions. However, the newly released edition of the Guide is substantially lengthier than the version published in 2018, and the inclusion of a section on ransomware that lists several self-assessment tools indicates that this is likely to be an area of concern for examiners in upcoming review cycles. In addition to listing ransomware resources, the Guide also lists additional resources available in areas such as assessments, information sharing and incident reporting.

Norton Rose Fulbright has a globally active information governance, privacy and cybersecurity practice composed of over 80 lawyers worldwide. Lawyers in this practice group help clients in managing legal risks related to cybersecurity, privacy and data governance. When advising financial services firms, our cybersecurity lawyers work closely with our financial services regulatory lawyers to ensure that the advice we provide with respect to cybersecurity and data governance aligns fully with the expectations of financial services supervisors in the US, Canada, Europe, Asia and the Middle East. If you have questions or would like additional information concerning the Guide or other cybersecurity or data governance issues affecting your financial institution, please feel free to reach out to:

Tom Delaney
Partner
thomas.delaney@nortonrosefulbright.com

Will Daugherty
Head of Cybersecurity, United States
will.daugherty@nortonrosefulbright.com

Tim Byrne
Partner
tim.byrne@nortonrosefulbright.com

Chris Cwalina
Global Co-Head and US Head of Information Governance, Privacy and Cybersecurity
chris.cwalina@nortonrosefulbright.com



Contacts

Thomas J. Delaney
Thomas J. Delaney
Partner
Email
thomas.delaney@nortonrosefulbright.com
T: +1 202 662 4531
Will Daugherty
Will Daugherty
Head of Cybersecurity, United States
Email
will.daugherty@nortonrosefulbright.com
T: +1 713 651 5684
Tim Byrne
Tim Byrne
Partner
Email
tim.byrne@nortonrosefulbright.com
T: +1 212 318 3260
Chris Cwalina
Chris Cwalina
Global Head of Cybersecurity and Privacy
Email
chris.cwalina@nortonrosefulbright.com
T: +1 202 662 4691

Practice areas:

Industry:

Recent publications

Publication

The European Commission’s prohibition of Illumina's acquisition of GRAIL

On 6 September 2022, the European Commission (EC) prohibited Illumina’s acquisition of Grail, bringing to an end the administrative stage of a legal saga that has attracted interest beyond competition law specialists.

Global | April 17, 2024

Life sciences and healthcare
Environmental-law-trees-green

Publication

EU scales up green subsidies: How to benefit from support for clean investments

On February 6, 2024 the Council of the EU and the European Parliament agreed a provisional version of the Net-Zero Industry Act (NZIA), which is now expected to be formally adopted by the end of April 2024.

Global | April 11, 2024

Climate change and sustainability
Environment-plant-planting-trees-greens-soil-growth

Publication

Belgium, the brand-new EU leader in the fight against ecocides

On 22 February 2024, Belgium became the EU frontrunner in the fight against ecocides by being the first EU member state to criminalise ecocide, in the new Belgian Criminal Code.

Global | March 22, 2024

Antitrust and competition
Site search

Subscribe and stay up to date with the latest legal news, information and events . . .

Register now