FIA Joins Industry Associations on Cyber Risk Programs

Washington, D.C. – In response to a survey of chief information security officers from financial institutions that indicated nearly 40% of their time was spent on compliance and reconciling competing, duplicative, redundant, and inefficient cybersecurity supervisory examinations, the Financial Services Sector Coordinating Council (FSSCC) led a group of financial trade associations today in unveiling a new Cybersecurity Profile. The new document provides a framework that integrates widely used standards and supervisory expectations to help guide financial institutions in developing and maintaining cyber risk management programs and is the result of two years’ work and collaboration among financial institutions, trade groups, and government agencies. It was spearheaded by FSSCC, the American Bankers Association; Bank Policy Institute and its technology policy subdivision BITS; Futures Industry Association; Global Financial Markets Association and its member associations of the Association for Financial Markets in Europe, the Asia Securities Industry & Financial Markets Association, and the Securities Industry and Financial Markets Association; the Institute of International Bankers, the Institute of International Finance, and FIA.

“The Cybersecurity Profile represents the industry’s commitment to working together to preserve the safety and soundness of the financial system by mitigating and protecting its institutions, their customers and the broader economy from increasing cybersecurity risks,” said Chris Freeney, President of BITS and Executive Committee Member and Policy Committee Co-Chair of the FSSCC.  “The Cybersecurity Profile is a first of its kind document that will help the industry harmonize its approach to cybersecurity risk management.” 

“There is no greater threat to financial stability than a large-scale cyber event, and robust public private partnerships are the most effective way to manage cyber threats,” said Tom Wagner, Managing Director at SIFMA and Vice Chair of the FSSCC.  “The financial services industry is constantly working to improve cyber defenses, resiliency and recovery through massive monetary investment in technology and personnel, regular training, best practices development, and industry tests. The Cybersecurity Profile is the latest example of our commitment to keeping our industry and our clients safe.” 

“The industry took up the challenge to find a cybersecurity roadmap that works for both community banks and global banks,” said Denyette DePierro, vice president and senior counsel in ABA’s Center for Payments and Cybersecurity. “It’s an exciting moment and a new, innovative approach to regulation that could be applied to other areas of supervision and oversight.”

The Profile offers a common, credible approach to cybersecurity and assessment and is complementary to the NIST cybersecurity framework. Specifically, the Profile seeks to give financial institutions and third-party providers more consistent and efficient processing of examination material by firms and regulators. It also helps regulators and firms prioritize resources and focus on the cyber threats of greatest concern, and it seeks to establish a common set of industry best practices.

The Profile uses a questionnaire to identify the risk and complexity of a company and match the company with an appropriate, customized, and focused cybersecurity assessment. With its tailoring, the Profile enables front-line defenders to optimize their time on security activity, rather than compliance.  For example, as compared against another widely used diagnostic, a community bank could reduce the number of questions it might answer by as much as 73%.

Indeed, the Profile is intended for use by any type of financial institution or third-party provider to a financial institution.  The industry designed the Profile to be a framework that scales across institutions of varying complexity, interconnectedness, and criticality, and it incorporates regulatory expectations and best practices from across the sector and around the globe.
