I would also look into getting a comprehensive Cyber Liability Insurance policy if you don't have one already to cover any court costs/damages or business loses that may arise
Original Message:
Sent: 08-02-2024 03:49 PM
From: Anonymous Member
Subject: Attorneys for Loans
This message was posted by a user wishing to remain anonymous
Very timely that I'm seeing this because I've been trying to enhance our due diligence on cybersecurity for this type of vendor. We did develop an addenda that we have any attorney/law firm sign that states that they have controls in place to maintain confidentiality/safeguarding of information, includes a privacy disclosure, incident response notification requirements and a clause about background checks. We don't have too many people who push back on it.
Original Message:
Sent: 07-10-2024 11:01 AM
From: Anonymous Member
Subject: Attorneys for Loans
This message was posted by a user wishing to remain anonymous
Hard to tell from question if the "attorney" is a solo practitioner, part of a larger law firm (both of which would be third party vendors) or a new hire. The below addresses the first two possibilities.
In addition to any existing third party procedures, worth researching the firm (and the attorney(s) that would be doing the work) on your state's bar association (or equivalent licensing agency's) website. You're looking for (a) they're licensed to practice law and (b) no disciplinary history (or none that troubles your firm). Suggest you require an engagement letter (any reputable law firm has and uses one). Ask about their malpractice insurance.
You'll find that law firms don't like the "how's your system for preventing ransomware, other hacking etc." set of questions. The large majority of firms will, at most, provide an attestation that they have a system to prevent such things. They likely won't have or share SIG report and will raise attorney client privilege as their fundamental duty to protect information.
You should not be surprised when the attorney(s) push back harder on your requests than most outsourced service providers.
Finally, different from many other third party relationships, this attorney likely is better known by your business people than most third party relationships. Prepare for stiffer pushback from your internal people too. This attorney likely does what they want and need and is not something/someone that just happened along. (Again: a generality. But that's my experience.)
Good luck.
Original Message:
Sent: 07-10-2024 09:00 AM
From: Anonymous Member
Subject: Attorneys for Loans
This message was posted by a user wishing to remain anonymous
Our bank has a number of attorneys we work with for loan closings. We are looking to onboard an attorney for our commercial loan department. This would be the first time we are onboarding an attorney for this purpose. Has anyone been in this situation. What approach to due diligence and risk assessment was taken?
Thanks!