An FS-ISAC perspective: Assume the role of an analyst at the FS-ISAC. You are asked to advise the Executive Director on how the FS-ISAC should respond to this issue. How should the FS-ISAC advise financial institutions about the actions they might take? Your response should take the form of a 2-3 paragraph email from the analyst to the Executive Director of the FS-ISAC.
Scenario
ACME Company, USA provides a “comprehensive suite of cybersecurity services.” Its flagship offering is anti-virus software. In addition, it offers on-site consulting (sending an analyst to a company’s facility), written reports on various cybersecurity threats that clients should be aware of, penetration testing, and incident response. The ACME Company, USA has a parent, the ACME Company of Calormen.
The ACME Company, USA, includes on its Board of Directors three senior officials of the ACME Company of Calormen.
News reports and commentators state that the laws of the country of Calormen require that all data that is managed by companies subject to its laws can be accessed by its law enforcement and intelligence agencies.
There has been a steady stream of reporting in the media over the past six months that there are close connections between the leadership of the ACME Company of Calormen and the intelligence services of that country. Reports indicate that senior officials of the company often play golf with various government officials, including those in the intelligence services. Moreover, several senior leaders of the ACME Company of Calormen were previously employed by the intelligence services of that country.
Five federal agencies have contracts to use ACME Company USA products and services. Moreover, ACME Company USA has just announced a major new effort to sell its software to energy companies, financial institutions, and defense contractors.
New facts: As you know, the ACME Company, USA includes on its Board of Directors three officials from the parent company based in Calormen. You have just received biographies of those members of the Board from an intelligence community analyst. Most notable among the biographies is that of Katarina Khrushchev, who was educated at the Calormen cryptography institute. She then worked for the Calormen military, and is believed to have worked on a project setting up communications and signals analysis in Havana, Cuba, targeting U.S. and British undersea telecommunication cables. In 1995 Katarina resigned from the Calormen military and started Baltic Soft, primarily focusing on industrial controls software such as Supervisory Control and Data Acquisition (SCADA) used in power plants and nuclear enrichment facilities. In 2001 Baltic Soft was purchased by ACME of Calormen and Katarina was added to the USA company’s Board of Directors.
You should be aware of a new development in the controversies surrounding the ACME Company, USA. The CEO of the ACME Company, USA has just held a press conference and announced that the company is purchasing new data centers in Ashburn, Va. so that it can store and process all information from its American customers within the borders of the United States of America. The company pledges that all data from its American customers will be analyzed, processed and stored within the United States only, and will never transit to its servers in other countries, including Calormen.
Resources:
https://drive.google.com/file/d/0B9ZNso9Oh1VBQzZJVGtGcXJzb3F4VzdqcUFvUXNOdzhOYVE0/view?resourcekey=0-Hw1gKPrbNKnOqQbNvNoO6g
https://drive.google.com/file/d/0B9ZNso9Oh1VBQXVub3YzRF9QamdHTGRRR0FoenpJemRWTzVZ/view?resourcekey=0-sUsM5TagGE6J0h5P9x6sQA
https://www.sec.gov/spotlight/cybersecurity
https://www.fsisac.com/who-we-are
