Skip to main content

FFIEC Cybersecurity Assessment Tool: Best Practices and Practical Scenarios

Speaker(s): Lisa M. Ledbetter, Michael G. Morgan
Recorded on: Jan. 26, 2016
PLI Program #: 171039

Lisa Ledbetter advises U.S. and non-U.S. banks and financial institutions on strategic, regulatory, enforcement, and compliance matters before federal and state agencies, including the Federal Reserve Board of Governors, Office of the Comptroller of the Currency, Federal Deposit Insurance Corporation, and the Consumer Financial Protection Bureau, among others. She advises clients on developing new financial products and services; implementing regulatory requirements, including those related to the Dodd-Frank Act; and business integration, expansion, and wind-down. Her practice covers commercial and retail banking, consumer financial services, mortgage banking, government-sponsored enterprises, and administrative enforcement proceedings.

Lisa counsels financial institutions on regulatory requirements resulting from the Dodd-Frank Act, international financial regulation, investments, and activities, including the Volcker Rule limitations on trading and investments, business planning, cybersecurity, credit and debit cards, and administrative enforcement matters.

Before joining Jones Day, Lisa was deputy general counsel for Freddie Mac advising on all aspects of regulation, activities, investments, and legislation. She was previously deputy director of the Office of Policy Development at the FDIC and senior counsel for Regulation, Assessments, Finance and Funding during the thrift crisis.

Lisa was also previously banking and finance counsel at the Department of the Treasury responsible for regulatory and legislative advice regarding banks, financial institutions, and government-sponsored enterprises. At Treasury, she was a principal drafter of the George H. W. Bush administration's financial modernization bill that was ultimately enacted as the FDIC Improvement Act. Lisa was also regulatory counsel for the American Bankers Association and the Independent Community Bankers of America.

Experience Highlights

Areas of Focus


  • American University (J.D. 1986); George Mason University (B.A. in Political Science 1983)

Bar Admissions

  • District of Columbia and Pennsylvania

Government Service

Served with the Federal Deposit Insurance Corporation (1991-1998), including as Deputy Director, Office of Policy Development and Senior Counsel, Assessments, Finance and Funding

Office of the Assistant General Counsel for Banking and Finance, U.S. Department of the Treasury (1989-1991)

Michael G. Morgan represents clients in class actions, litigation and other matters involving cybersecurity, privacy, and protection of consumer and business data. He is co-leader of the Firm’s Privacy and Data Protection practice.

With more than 20 years’ experience in data security and privacy matters, Michael advises clients on cyber incident preparation, prevention and response; compliance with US and EU laws and regulations; completion of enterprise-wide cybersecurity assessments; and data security policies and best practices. He has particular experience in advising clients on large-scale data breaches, including those involving more than 50 million consumer records, both in the US and in dozens of countries around the world.

Michael is a seasoned trial lawyer who has first-chaired numerous jury and bench trials and has resolved scores of cases through mediation and other forms of Alternative Dispute Resolution. He has deep experience in the defense of consumer class actions and government investigations by the FTC, CFPB, FCC, and state attorneys general relating to data security and privacy. Before joining his prior firm, Michael was vice president and general counsel of Epic Cycle, a web app development company.

Michael is a Certified Information Privacy Professional (CIPP/US) by the International Association of Privacy Professionals (IAPP).

Core Capabilities

Regional Markets