Industry · Banking & Capital Markets

Advisory grounded in banking-grade operational discipline.

Banks and capital markets firms operate under continuous regulatory scrutiny. Our advisory bench includes former CISOs of regulated institutions who understand what supervisors will look at and what they will accept.

01 — Landscape

The environment.

Supervisory focus has intensified around third-party risk (interagency guidance), operational resilience (Basel Committee, DORA), and cloud concentration. Boards are expected to demonstrate direct oversight of cyber risk.

02 — Frameworks

What applies.

  • FFIEC IT Handbook

    Baseline supervisory reference.

  • Interagency TPRM Guidance

    OCC/FRB/FDIC joint guidance (2023).

  • DORA

    EU Digital Operational Resilience Act.

  • NY DFS Part 500

    State cybersecurity regulation.

04 — FAQ

Common questions.

How is DORA changing our third-party program?+

It formalizes ICT third-party risk management, mandates register-of-information reporting to competent authorities, and requires exit strategies for critical providers. We stand up the register and align contracts to Article 30.