Become a member
CFTC Issues Support for Standardizing Cybersecurity Preparedness Using Cyber Risk Institute’s Profile

The Commission is the latest to voice its support for the Profile, which helps financial institutions develop and maintain cybersecurity risk management programs.

Washington, DC – In an official statement today, the Commodity Futures Trading Commission (CFTC) listed the Cybersecurity Profile — previously maintained by the Financial Services Sector Coordinating Council (FSSCC) and now developed and maintained by the Cyber Risk Institute (CRI), an organization launched in May 2020 by the Bank Policy Institute — as an effective tool used to assess a financial entity’s cybersecurity preparedness, recognizing its standardized approach to risk assessment and alignment with industry standards and best practices.

The CFTC joins a growing list of U.S. and global regulators that have recognized the benefits of the Profile. The Profile offers a common-language approach to cybersecurity and provides a comprehensive cyber threat assessment unique to each financial institution through the issuance of 277 diagnostic statements. The Securities and Exchange Commission (SEC), the Federal Deposit Insurance Corporation (FDIC), the National Institute of Standards and Technology (NIST), and other regulatory bodies have released similar statements applauding the Profile’s focus and efficiency in identifying risk while reducing paperwork.

“The Profile continues to garner a tremendous reception and further acceptance by the regulatory community, and we thank the CFTC for its statement on the Profile. The Profile was designed to enhance cyber security and resiliency for financial institutions for the benefit of their customers and their relationship with regulators,” remarked CRI Founder and Managing Director Josh Magri. “We could not be prouder of the momentum the Profile is gaining,” he added, referring to the growing list of agencies publicly recognizing the Profile.

With more than 100 firms across 4 continents implementing the Profile to date, CRI’s members continue to develop and enhance their diagnostic framework to help institutions respond to evolving threats. Because of their advocacy for consistency and efficiency across the industry, their members can maintain regulator and consumer confidence. For more information, visit For all media inquiries, please contact Austin Anton at


The Cyber Risk Institute (CRI) is a not-for-profit coalition of financial institutions and trade associations operating as a subsidiary of Bank Policy Institute. CRI is working to protect the global economy by enhancing cybersecurity and resiliency through assessment standardization. Its Cyber Profile tool is the benchmark for cyber security and resiliency in the financial services industry. Learn more at

Next Article
Cyber Risk Institute Launches to Mitigate Cyber Risk and Support Compliance for Financial Services