SIFMA Updates Cyber Incident Reconnection Framework for Financial Services Sector

New York, NY, Dec. 16, 2025 – SIFMA and the Financial Services Sector Coordinating Council (FSSCC) today published an updated version of The Financial Services Sector Reconnection Framework, which is designed be used by a firm which has been compromised by a cyber incident.

The SIFMA Framework has been updated jointly by both organizations, addressing the scope of reconnection issues across the industry in order to produce a product suitable for broader adoption by the financial services sector.

The document provides a five-step mitigation framework – assess, remediate, assure, reconnect and recover – and is intended to support and inform a technical view of reconnection as well as broader resilience planning.

“There are many issues that a firm compromised by a cyber incident must first address in order to reconnect to the financial ecosystem after a cyber event has been contained and mitigated,” said Tom Wagner, managing director, Financial Services Operations at SIFMA. “Most importantly is how the firm should communicate, coordinate and provide assurance to what could be dozens of trading partners in the most efficient and effective way to convey that the problem has been resolved and will not recur. This is crucial so the firm and its trading partners can resume normal business as usual operations.”

SIFMA’s Reconnection Framework was originally published in 2020 with the endorsement of U.S. Department of the Treasury, the Analysis and Resilience Center for Systemic Risk (ARC), the Financial Services Information Sharing and Analysis Center (FS-ISAC), FSSCC, sector trade organizations such as the Bank Policy Institute (BPI) and over thirty financial services firms. The original document set out expectations the financial sector has on global systemically important financial institutions in the event of a cyber incident that disrupts critical business operations.

Since then, the complexity of the financial services supply chain and the role of relatively small, but nonetheless critical, third-party providers have only increased. At the same time, the world is experiencing a more hostile cybersecurity environment than at any other time in modern history. Through this period, the sector has continued to experience incidents resulting in the disconnection of third parties and the subsequent process of attempting to gain enough assurances about the status of their security to allow for reconnection. As a result, SIFMA responded to broader concerns about third-party resilience by working with its members to update the Framework in 2023.

“The Financial Services Sector Reconnection Framework marks an important step on our sector’s preparedness journey,” said FSSCC Chair and PNC Head of Technology Debbie Guild. “This tool will empower firms of all sizes to confidently shape their own reconnection strategies and provides clarity around the sector’s expectations for third party providers. It will help our industry remain resilient and adaptable in the face of an evolving threat landscape.”

SIFMA’s Framework has gained wide recognition across the financial sector, including internationally, where the United Kingdom Cross Market Operational Resilience Group (CMORG) and other systemically important financial institutions used it as the basis for their own Reconnection frameworks. The SIFMA/FSSCC and CMORG frameworks are now highly aligned, which demonstrates the demand for a holistic framework usable across the entire financial sector.

The Framework is available here.

-30-

SIFMA is the leading trade association for broker-dealers, investment banks and asset managers operating in the U.S. and global capital markets. On behalf of our industry’s one million employees, we advocate on legislation, regulation and business policy affecting retail and institutional investors, equity and fixed income markets and related products and services. We serve as an industry coordinating body to promote fair and orderly markets, informed regulatory compliance, and efficient market operations and resiliency. We also provide a forum for industry policy and professional development.  SIFMA, with offices in New York and Washington, D.C., is the U.S. regional member of the Global Financial Markets Association (GFMA).

The Financial Services Sector Coordinating Council, or FSSCC for short, was established in 2002 by financial institutions to work collaboratively with key government agencies while coordinating critical infrastructure and homeland security activities within the financial services industry. We are an industry-led non-profit organization and our mission is to bring together our members from financial services, trade associations, and other industry leaders to assist the sector’s response to natural disasters, threats from terrorists, and cybersecurity issues of all types. The FSSCC partners with the public sector on policy issues to enhance the security and resiliency of the United States financial system. The U.S. Department of Homeland Security recognizes the FSSCC as the sector coordination council on behalf of the banking and finance sector. For more information, visit https://fsscc.org.