Become a member
Cyber Risk Institute Launches to Mitigate Cyber Risk and Support Compliance for Financial Services

CRI’s “Profile” is already being implemented by major financial institutions and accepted by the regulatory community

Washington, DC – To more effectively support the cyber security and resiliency of the world’s financial institutions, the Bank Policy Institute today led a coalition of trade associations and financial institutions to create the Cyber Risk Institute (CRI). CRI is a coalition of more than 31 firms and growing, representing the entire spectrum of the financial services industry. The organization was established to develop cyber security and resiliency strategies and standards to help institutions respond to evolving threats. By implementing a common language for cybersecurity risk assessment, CRI will continue to maintain and develop the Financial Services Cybersecurity Profile (the “Profile”; also known outside of the United States as the Financial Services Profile or “FSP”).

According to an industry survey, Chief Information Security Officers for financial institutions reported that they spent up to 40% of their time satisfying compliance requisites for government and non-government regulatory agencies. This is valuable time, they indicated, that could be invested in addressing strategy and implementing risk mitigation and threat prevention measures.

“The world’s largest banks recognize cyber security and resiliency as a top priority for their institutions and the broader financial services industry,” stated BPI President & CEO Greg Baer. “CRI is an invaluable industry resource made possible by the industrious work of our experts and industry partners, including BPI Executive Vice President Chris Feeney and CRI Managing Director Josh Magri.”

“The financial services industry’s success with the underlying model compelled BPI to launch CRI as a proactive effort to fortify the financial system and make CRI’s resources available to all,” added BPI Executive Vice President and President of BITS, Chris Feeney. “The Profile has received a positive reception from industry and regulators since its launch in 2018, and CRI will be instrumental in expanding support and use of the Profile both in the U.S. and abroad.”

With the cooperation and contributions of hundreds of organizations and trade associations, including the American Bankers Association, which is represented on its board, CRI is home to the Profile. The Profile is a risk assessment tool that can be applied to financial institutions of all sizes, as well as third-party providers to those institutions. By consolidating over 2400 regulatory questions into just 277 diagnostic statements, it provides a comprehensive cyber threat assessment unique to each financial institution, while also meeting regulators’ compliance requirements.

“The Profile is now in use by upwards of 100 firms on four continents, and is experiencing substantial growth in adoption with member contributions resulting in version enhancements every 2-3 years,” said CRI Managing Director and Founder, Josh Magri. “Optimizing the compliance process means that those professionals can devote more time to keeping our global economy safe from potentially devastating cyberattacks – a solution that equips the institution, benefits the regulatory community by allowing more firm-to-firm comparison and serves the consumer.”

For more information, visit For all media inquiries, please contact Austin Anton at


The Cyber Risk Institute (CRI) is a not-for-profit coalition of financial institutions and trade associations operating as a subsidiary of Bank Policy Institute. CRI is working to protect the global economy by enhancing cybersecurity and resiliency through assessment standardization.  Its Cyber Profile tool is the benchmark for cyber security and resiliency in the financial services industry. Learn more at

Next Article
BPI-BITS Submits Comments to FTC as Part of FTC's Systematic Review of Regulation and Guides