Legal Development and Implementation of a Cybersecurity Policy for a Non-Banking Financial Institution

AMBASSADORS was engaged by a well-established non-banking financial institution (a client under NDA) to design and implement a comprehensive cybersecurity policy. This initiative was crucial to the company’s risk management framework and long-term regulatory strategy.

In an increasingly hostile cyber landscape and under the scrutiny of Ukraine’s financial regulator, the client required a customised solution to ensure compliance, operational resilience, and readiness for audits, inspections, and licensing procedures. This project integrated regulatory law, cyber risk governance, and strategic foresight.

The policy was carefully aligned with the mandatory requirements established by the National Bank of Ukraine, including Resolution No. 95 (on information security systems for non-banking institutions), Resolution No. 58 (on risk management systems), and relevant provisions of the Law of Ukraine “On Payment Services.” We also incorporated best practices from leading international frameworks such as ISO/IEC 27001, the NIST Cybersecurity Framework, and emerging EU standards, including DORA, to ensure both regulatory compliance and future-proof resilience.

The depth of integration made this project unique: our team translated technical and operational needs into enforceable internal policies, structured incident response procedures, access control protocols, third-party risk clauses, and practical tools for staff onboarding and ongoing compliance. The final deliverables included a legally sound, audit-ready internal policy package, supported by workflows and legal templates that were fully embedded into the client's internal processes.

This engagement highlights how AMBASSADORS assists financial institutions in turning regulatory complexity into a strategic advantage by transforming cybersecurity from a reactive IT concern into a legally grounded pillar of operational trust.

The project was co-led by Andrii Kotyk and Yaroslav Ognevyuk , who combined their deep sector knowledge, legal expertise, and cross-disciplinary coordination to deliver a solution at the intersection of law, compliance, governance, and technology.