Information security policy (ISP) violations are one of the biggest concerns for all organisations around the world, resulting in billions of direct and indirect losses; especially in the financial industry. Senior managers and their leadership style play a crucial role in enforcing the employees’ compliance with ISP. However, previous research has been mostly conducted at individual level and has not fully investigated the effectiveness of ISP from managerial and organisational perspectives. Drawing on neo-institutional theory and transformational leadership model, this research investigates the impact of external mechanisms and transformational leadership on the effectiveness of ISP. The proposed research model will be tested using field survey data from professional managers in the financial sector. Partial least square structural equation modelling (PLS-SEM) will be used to test the proposed hypotheses. The potential contribution of this study is to enhance our knowledge from a theoretical and practical perspective of the role of external and transformational leadership in the effectiveness of ISP.