Areas oF Practice

Special Services for Financial Institutions

Greensfelder’s Technology Transactions Practice Group provides a number of special services for financial institution clients, including banks, broker-dealers and investment advisors, and trust companies. We combine our technology transactions experience with an understanding of the regulatory framework that governs financial institutions in the areas of:

  • Technology Procurement and Outsourcing
  • Information Security and Privacy
  • Vendor Selection and Due Diligence
  • Service Provider Oversight

Our financial institution clients are required by law to protect the nonpublic personal information of customers. We advise clients on achieving compliance under the Gramm-Leach-Bliley Act, including the privacy and safeguarding regulations promulgated by the banking agencies, SEC, FTC, and other functional regulators. We also assist clients in meeting their regulatory obligation to oversee service providers. Examples of our services include developing and advising on:

  • Privacy notices for customers.
  • Policies and procedures for safeguarding nonpublic personal information.
  • Due diligence tools and model agreements for selecting, contracting with, and overseeing service providers.
  • Incident response plans for data security breaches.

The banking agencies, as well as self-regulatory organizations like FINRA, have approached service provider oversight as a natural extension of a financial institution’s general supervisory obligations. These regulators are concerned not only with the safeguarding of nonpublic personal information, but also with how the outsourcing of important financial services activities affects a financial institution’s ability to meet its supervisory and compliance obligations. As part of an overall information security program, we assist clients in:

  • Exercising appropriate due diligence in selecting service providers.
  • Entering into written confidentiality agreements with service providers limiting the use and disclosure of personal information.
  • Requiring service providers by contract to implement appropriate security controls designed to meet the safeguarding requirements.
  • Monitoring service providers to confirm that they have satisfied their confidentiality and safeguarding obligations.

For additional information regarding Greensfelder’s technology, information security and privacy services for financial institutions, please contact M. Spencer Garland at (314) 516-2613 or

We Earn Our Reputation from the Companies We Keep®