Interested in training for your team? Click here to learn more

Cyber Threats to Banks and Financial Institutions: Regulatory Requirements and Bank Examinations

Leveraging FFIEC Cybersecurity Assessment, Navigating Board of Director Risks and Third-Party Vendor Management

Recording of a 90-minute premium CLE webinar with Q&A

This program is included with the Strafford CLE Pass. Click for more information.
This program is included with the Strafford All-Access Pass. Click for more information.

Conducted on Tuesday, April 5, 2016

Recorded event now available

or call 1-800-926-7926

This CLE course will discuss regulatory developments in the wake of increasing cyber threats for financial institutions, including the FFIEC’s Cybersecurity Assessment Tool. The program will look at how regulators assess cybersecurity and the recent increased focus on risk management by board of directors and third-party vendor management. The program will also address enforcement actions and litigation trends.


Cyber attacks on banks and financial institutions are becoming increasingly more sophisticated and reach beyond the realm of theft of customer personal information into cyber heists and cyber terrorism. Banking agencies have ramped up scrutiny on cybersecurity preparedness and rank cybersecurity as one their highest priorities.

The FFIEC Cybersecurity Assessment Tool, released in 2015, is designed to assist financial institutions in identifying and assessing risks and weaknesses in their cybersecurity preparedness programs. Regulators have made clear that the Assessment Tool will be incorporated into bank examinations, but it is not without its critics. Financial institutions must take a more comprehensive approach, where assessment frameworks, such as the CAT, are just one tool that they use.

The cybersecurity litigation landscape continues to evolve. In Sept. 2015, the SEC announced its first cybersecurity-related enforcement action against an investment adviser, and more garden variety cybersecurity class actions look to be reborn after recent developments.

Listen as our panel of banking and cybersecurity practitioners reviews the increasing and changing cyber threats for financial institutions and the current regulatory developments, including FFIEC’s Cybersecurity Assessment Tool. The panel will discuss how regulators assess cybersecurity and the increased scrutiny on risk management by board of directors and third-party vendor management. The panel will also look at litigation trends as well as regulatory enforcement actions.



  1. Overview of the threat landscape, with emphasis on threats to financial institutions, including online banking and payment systems
  2. Key federal banking agency initiatives and regulatory developments
    1. FFIEC Cybersecurity Assessment Tool
    2. Potential NYDFS cybersecurity regulation requirements
    3. Consumer education and awareness regarding cyber threats, phishing, and protecting your identity online
    4. Managing third-party vendor relationships
  3. Regulatory examinations
    1. Board of director risk and managing fiduciary obligations
    2. Vendor contracting and management
    3. Cyber threat information sharing
  4. Litigation claims and trends
    1. Class actions
    2. PCI-related litigation
    3. Shareholder derivative litigation
    4. Regulatory enforcement actions (e.g.,SEC, FINRA, etc.)


The panel will review these and other key issues:

  • Where are new sources of cyber attacks coming from, who are the suspects, what are their motivations and how are they gaining access?
  • How can the FFIEC Cybersecurity Assessment Tool assist financial institutions in identifying and minimizing cyber risks?
  • What are the regulators’ expectations of board of director oversight of cybersecurity and what liability risks do D&Os face in this arena?
  • What are the trends in cybersecurity litigation and what lessons can be learned from litigation to date?


Jason M. Halper
Jason M. Halper

Orrick Herrington & Sutcliffe

Mr. Halper is Co-Chair of the firm’s Financial Institutions Litigation Practice, and is a member of the...  |  Read More

Aravind Swaminathan
Aravind Swaminathan

Orrick Herrington & Sutcliffe

Mr. Swaminathan is a global Co-Chair of the firm's Cybersecurity & Data Privacy team. He is an...  |  Read More

Access Anytime, Anywhere

Strafford will process CLE credit for one person on each recording. All formats include course handouts.

To find out which recorded format will provide the best CLE option, select your state:

CLE On-Demand Video