Become a member
CRI Submits Letter To FRB, FDIC and OCC in Response To the Profile’s Inclusion in Joint Agency Report on Operational Resilience

Yesterday, the Cyber Risk Institute (CRI) sent a letter to the Federal Reserve Board (FRB), the Federal Deposit Insurance Corporation (FDIC) and the Office of the Comptroller of the Currency (OCC) that acknowledged the inclusion of the CRI Cybersecurity Profile[1] within a report on operational resilience issued jointly by the three agencies.

In this letter, CRI thanked agencies’ leadership for their forward-thinking analysis and pledged to continue to work to update and expand the Profile in a way that supports regulatory oversight efforts while easing compliance burdens throughout the industry. In fact, this report, titled “Sound Practices to Strengthen Operational Resilience,” mirrored the NIST-based structure, as does the CRI Profile – providing recognition of the effectiveness of an approach which combines industry best practices with regulatory requirements. Though this report does not include any new regulation, it is a clear indication of the future of efforts to address operational resilience in the face of major risks, including cyberattacks, natural disasters and pandemics.

CRI Managing Director Josh Magri, who authored the note, stated that “this report helps meet a growing demand. The entire industry is looking for a way to face these critical risks. The CRI approach, and the approach outlined in these ‘Sound Practices,’ is the way forward: one that is flexible because it is organized around leading best practices while addressing regulatory demands. As operational resilience becomes a greater point of discussion, we are eager to see this first step and honored to have been included.”

Please find a copy of this letter here.

If you have any questions, reach out to Alan Carroll, Vice President of the Cyber Risk Institute, at


The Cyber Risk Institute (CRI) is a not-for-profit coalition of financial institutions and trade associations operating as a subsidiary of Bank Policy Institute. CRI is working to protect the global economy by enhancing cybersecurity and resiliency through assessment standardization. Its Cyber Profile tool is the benchmark for cyber security and resiliency in the financial services industry. Learn more at

[1] The CRI Cybersecurity Profile was first released under the leadership of the Financial Services Sector Coordinating Council (FSSCC) as the Financial Services Cybersecurity Profile. It is this name which is referenced in the jointly issued “Sound Practices to Strengthen Operational Resilience.”

Next Article
The CRI Profile - Introduction and Implementation