Our Cybersecurity and Financial Privacy team counsels banks, creditors, credit unions, and other financial institutions and their service providers, including vendors and processors, on a variety of cyberspace, cybersecurity, and financial privacy issues. We advise our clients on data breach prevention, response, litigation management, and resiliency, as well as a wide variety of related federal and state regulatory requirements. We help our clients offer online products and services through the entire lifecycle of the project, including the RFP process, vendor management and contracting, regulatory compliance and disclosures, electronic contracting, information security, and coordination with existing client policies and procedures.

Bradley attorneys have years of experience in working collaboratively with clients in the financial services industry. Several of our attorneys have served as bankers or bank regulators. We understand not merely the applicable laws and regulatory requirements, but more significantly, we understand our clients’ businesses. We work on a daily basis with banks and other financial service providers of all sizes, with respect to both their brick-and-mortar operations and their online services. This enables us to deliver solid, practical advice and counsel to help clients manage their cybersecurity and privacy risks successfully.

We draft a variety of consumer credit, deposit, online and mobile banking, and credit and debit card agreements designed to satisfy our clients’ regulatory requirements and commitment to preserving the confidentiality of their consumer customers’ financial privacy. Our attorneys also draft business retail agreements, such as treasury management agreements, international and domestic wire transfer agreements, ACH agreements, loan and leasing agreements, and other transactional documents intended to allocate cyber risk and financial privacy risk fairly between our clients and their clients, and to facilitate coordination of the parties’ efforts.

Bradley counsels financial services clients that have experienced a data breach from the point of discovery through the entire response and resiliency process. We work on an expedited and proactive basis by assembling team members from various disciplines and practice groups to navigate the complex regulatory, contractual, and law enforcement requirements; advise our clients regarding their cyber-insurance coverages; and guide them through their obligations to their customers and vendors, including notice and risk mitigation efforts. We work with their forensic investigators to ascertain the scope and effect of the breach and to protect the privileged nature of their work. We also work with their human resources, marketing, and public relations departments to ensure that a proactive, yet consistent, message is conveyed to potentially affected individuals. Our team includes litigators who work at every stage in the response process to manage and mitigate the liability risks posed by the breach. We also guide our clients through the aftermath of response, to ensure resiliency of systems, process, and policies designed to strengthen their cybersecurity management going forward.

We regularly advise and counsel financial services clients on a variety of privacy and information security risk assessment and mitigation processes, including the identification of, protection from, detection of, response to, and recovery from data security risks. Our lawyers work with our clients on internal processes and procedures designed to mitigate cyber risk and privacy threats at all levels of bank operations. In addition, we help develop customer-facing privacy policies and disclosures, including website privacy policies and GLBA and FCRA notices.

On a day-to-day basis, we assist clients with compliance involving a broad range of regulatory matters in connection with cybersecurity for the financial services industry, such as:

  • Electronic Signatures in Global and National Commerce Act (E-Sign)
  • Uniform Electronic Transactions Act (UETA) and corresponding state laws
  • UCC Articles 4 and 4A with respect to online financial services and electronic transactions
  • Federal Financial Institutions Examinations Council (FFIEC) Information Security Examination Handbook and Cyber-Assessment Tool and Guidance
  • Unfair, Deceptive (Abusive) Acts and Practices (UDAAP/UDAP)
  • Gramm-Leach-Bliley Act (GLBA) and its Safeguards Rule
  • Right to Financial Privacy Act (RFPA)
  • Federal Trade Commission (FTC) Rules and Enforcement Actions
  • Fair Credit Reporting Act (FCRA) and its Fair and Accurate Credit Transactions Act (FACTA)
  • Telephone Consumer Protection Act (TCPA)

Our team drafts and negotiates service provider agreements on behalf of banks, creditors, and financial service clients to help them satisfy regulatory obligations and manage vendor risk, including SaaS, cloud computing, software licensing, bank core outsourcing, payment processing, credit card receivables and securitizations, and other information technology and service provider contracts. We draft related confidentiality, information security, independent contractor, web development and hosting, and business associate agreements intended to shore up our clients’ ability to protect the privacy and security of their proprietary and customer information. We also advise clients on the management of third-party risk through cyber-insurance coverage.

Our team counsels financial institutions and FinTech companies on all aspects of using technology to offer a financial product or service. We understand the need for our traditional banking clients to innovate in the consumer financial space, so we use our longstanding regulatory compliance experience coupled with our cutting-edge technology focus to help them navigate the complex regulatory landscape, including: fair lending; unfair, deceptive, and abusive acts or practices; privacy; and cybersecurity matters. We advise our clients on how to address the third-party risk associated with these arrangements. We also work with our clients to minimize the transactional and reputational risks associated with the Bank Secrecy Act (BSA) and anti-money laundering requirements associated with FinTech. In addition, we are poised to advise FinTech companies with respect to new and proposed charter and licensing requirements.