The Federal Financial Institutions Examination Council (FFIEC) is backing the industry-developed Cybersecurity Profile, which is based on the National Institute of Standards and Technology’s cybersecurity framework.
The Financial Services Sector Cybersecurity Profile is tool financial institutions can use for internal and external cyber risk management assessment and to comply with various regulatory frameworks in the U.S. and globally. It was created because chief information security officers from financial institutions said that roughly 40 percent of their team’s time was spent reconciling various cybersecurity and regulatory frameworks. The tool, released in October 2018, uses a questionnaire to identify the risk and complexity of a company and match the company with an appropriate cybersecurity plan.
A coalition of trade associations and financial services companies within the Financial Services Sector Coordinating Council developed the tool. The group included representation from more than 150 financial institutions ranging from community banks and credit unions to large multi-national banking, investment, and insurance organizations. The American Bankers Association, which was part of the coalition, applauded the FFIEC for its support.
“ABA, along with BPI, FSSCC and a coalition of other trades, rose to the challenge of developing this tool to help harmonize the industry’s approach to cybersecurity,” Rob Nichols, president and CEO of ABA, said. “Support from national and state banking supervisors should encourage more institutions to adopt the Cybersecurity Profile, which will strengthen banks’ security and protect the customers and communities they serve.”