Financial Services
Banks, credit unions, asset managers, RIAs, broker-dealers, insurers, and fintechs operate in one of the most heavily regulated cybersecurity environments in the U.S. Illumant knows the regulators, the guidance, and the assessments that satisfy both.
The financial-services security landscape
Top priorities are protecting personal client information and customer-facing portals, preventing fraud, and demonstrating a defensible cybersecurity program to a long list of overlapping regulators. Illumant knows the regulations, the regulators, and the guidance — GLB, FDIC, NCUA, OCC, FTC, SEC, FFIEC, OCIE, NYDFS — and our services address their requirements as well as the security best practices the industry has converged on.
We work across the full institutional spectrum, from community banks and credit unions to multi-billion-dollar asset managers and high-growth fintechs. The common thread: a single engagement that satisfies multiple regulators while genuinely improving security posture.
Sub-segments we serve
Community & regional banks
FFIEC IT Examination Handbook & CAT, GLBA Safeguards Rule, BSA/AML adjacency, FDIC IT exam readiness, core-banking platform security.
Credit unions
NCUA ACET (Automated Cybersecurity Evaluation Tool), member portal security, mobile banking app testing, ATM/network segmentation.
Asset managers & RIAs
SEC OCIE / Division of Examinations cybersecurity readiness, custodial connectivity, trading platform security.
Broker-dealers
FINRA 4370 BCP, SEC Reg S-P safeguards, OCIE expectations, market-access pre-trade controls.
Insurance carriers
NAIC Insurance Data Security Model Law (state-by-state adoption), policyholder portal security, claims-system testing.
Fintech & payments
PCI-DSS for payment processors, SOC 2 for B2B SaaS, banking-as-a-service partner due diligence, app + API security at scale.
The regulator alphabet
FFIEC
Interagency cybersecurity assessment guidance, IT Examination Handbook.
GLBA
Safeguards Rule: administrative, technical, and physical safeguards for customer information.
SEC / OCIE
Cybersecurity examination priorities for RIAs and broker-dealers.
NYDFS
23 NYCRR 500 — Cybersecurity Requirements for Financial Services Companies.
FDIC / OCC / NCUA
Examination expectations for state non-member banks, national banks, and credit unions.
PCI-DSS
Card-handling and processor requirements.
FTC Safeguards
Updated GLBA Safeguards Rule applicable to non-bank financial institutions.
SOX
ITGCs supporting financial reporting.
Popular assessment services
PSA
Perimeter Security Assessment & Penetration Testing
Annual external penetration testing — required, expected, or assumed by every financial regulator.
WASA
Web Application Security Assessment
Customer portals, trading platforms, mobile banking apps, and the APIs behind them.
CASA
Critical Asset Security Assessment
Crown-jewel testing of trading, core banking, custodial, GL, and customer-data systems.
LANSA
LAN Security Assessment
Internal assume-breach testing — what an insider or post-phish attacker can reach.
SocEng
Social Engineering
Phishing, vishing, and physical testing — directly addresses OCIE awareness findings.
PPPA
Policies, Procedures and Practices Assessment
Policies, procedures, and practices gap analysis against FFIEC, GLBA, NYDFS, OCIE.
RA
Risk Assessment
Top-down risk assessment — replaces the stale RAs OCIE consistently flags.