<img src="https://ws.zoominfo.com/pixel/4CagHYMZMRWAjWFEK36G" width="1" height="1" style="display: none;">
Request Demo

Cybersecurity Frameworks

Leveraging FSSCC Cybersecurity Profile in the Financial Sector


2020 is a critical year for harmonizing financial services cybersecurity regulations and unifying them under the fsscc cybersecurity profile. 

The Financial Services Sector Coordinating Council (FSSCC) cybersecurity profile was created by leading institutions including the Bank Policy Institute (BPI), to fulfill the need for a more efficient, tailored, and easily communicated framework to assess against, align to, and leverage to improve cybersecurity resilience. The profile is designed for all financial institutions, financial services organizations from banking, asset management, broker-dealers, insurance, to market utilities. 

On October 25, 2018, the Financial Services Sector Coordinating Council (FSSCC) published the cybersecurity profile. The FSSCC publicized the cybersecurity profile across the industry, as it was created in partnership and collaboration between the American Bankers Association, Bank Policy Institute, the Institute of International Bankers, and other financial industry leaders.

The sector profile’s aim is to simplify the regulatory strain that financial institutions are under while providing a more sector-specific standard to benchmark their organizations against. By optimizing the requirements they assess themselves against as well as expediting the assessment process for those organizations, the financial services cybersecurity profile offers a "73% reduction for community institution assessment questions" when compared to the FFIEC CAT, according to FSSCC's published Benefits to Financial Institutions.


What Are Future Plans for the FSSCC Cybersecurity Profile?

The FSSCC’s survey results showed that Chief Information Security Officers from financial institutions indicated that nearly 40% of their time, and their teams’ time, was spent reconciling various cybersecurity and regulatory frameworks.

The Financial Sector Coordinating Council (FSSCC), the trade associations, financial institutions, and other organizations and thought leaders who helped in developing the profile have noted that consistent iterations and improvements to the profile are essential for financial services sector cybersecurity to stay ahead. Every 2-3 years, the group plans to update the FSSCC cybersecurity profile. Therefore, the FSSCC and other stakeholders will continue to shape the cybersecurity profile over several cycles, so financial institutions can benchmark themselves in the most effective way as the cybersecurity risk landscape changes. Other standards bodies already abide by this practice, such as the National Institute of Standards and Technology (NIST) and the International Standards Organization (ISO).

In the financial services industry, CISOs are already heavily burdened by regulatory requirements, made even more difficult to manage with the cybersecurity talent shortage. The FSSCC cybersecurity profile will give CISOs enterprise-wide visibility across their business units and LOBs, departments, vendor risk management initiatives, and will allow them to benchmark their programs both internal and external. Cybersecurity risk management will be more accessible and manageable using the sector profile as opposed to tools such as the FFIEC cybersecurity assessment tool (CAT), according to the FSSCC stakeholders and website.


Mappings from the FSSCC Cybersecurity Profile to Regulatory Requirements

Due to increased demand for industry mappings, the FSSCC cybersecurity profile has already been mapped to various regulatory compliance frameworks and standards, such as ISO27001 and CPMI-IOSCO’s “Guidance on Cyber Resilience for Financial Market Structures” and others. The FSSCC plans to release mappings on a rolling basis.

According to the FSSCC, “Many Financial Services Cyber-Related Proposals Describe Similar Concepts to the NIST Cybersecurity Framework (but with Different Terminology)”. Mappings between other financial sector compliance standards and the financial sector profile will aid in bolstering cyber risk management and accelerating potential for continuous compliance and improvement across the financial services industry. Examples of similar mappings between regulations, NIST subcategories, NIST categories, and NIST functions are below.

FSSCC Cybersecurity Profile


You may also like

Conducting Your First Risk ...
on January 30, 2023

As digital adoption across industries increases, companies are facing increasing cybersecurity risks. Regardless of their size, cyber-attacks are a persistent threat that must be ...

Your Guide to Cloud Security ...
on January 26, 2023

Cloud computing refers to the delivery of multiple services via the internet (also known as the “cloud”), including software, databases, servers, storage, intelligence, and ...

Compliance and Regulations for ...
on January 9, 2023

Compliance for many cybersecurity programs has been the cornerstone and the catalyst for why many programs exist in the first place. Since the rise of the information technology ...

Cyber Risk Quantification: Metrics ...
on January 6, 2023

Risk management is the new foundation for an information security program. Risk management, coupled with necessary compliance activities to support ongoing business operations, ...

Padraic O'Reilly
Cybersecurity Maturity Models You ...
on January 27, 2023

Cybercrime has forced businesses worldwide into paying billions of dollars yearly. As more of the population becomes dependent on technology, the fear of cyber attacks continues ...

Top 10 Risks in Cyber Security
on December 23, 2022

Increasing cyber security threats continue creating problems for companies and organizations, obliging them to defend their systems against cyber threats. According to research ...