These resources help financial services firms to address critical cyber threats and improve the industry’s overall cybersecurity. Many resources apply industry best practices as well as the volunteer efforts of SIFMA member firms.

Learn more about SIFMA’s efforts around cybersecurity, including the Principles for Effective Cybersecurity Regulatory Guidance.

Best Practices for Insider Threats

SIFMA, leveraging the most effective guidance from both the private and public sectors, provides a comprehensive set of best practices to inform firms of the insider threats they face and a framework to establish a prevention-focused insider threat mitigation program.

Data Protection Principles

Financial companies need to collect and share sensitive information to run their everyday business. Members of SIFMA’s Data Protection Working Group have developed a set of principles for the protection of sensitive data that align with the NIST Cybersecurity Framework.

Financial Services Cybersecurity Profile

The Financial Services Cybersecurity Profile provides a benchmark for cybersecurity and resiliency in the financial services industry. The Profile is available – at no cost to the industry – through the Cyber Risk Institute (CRI), a not-for-profit coalition of financial institutions and trade associations.

The Profile is based on NIST’s “Framework for Improving Critical Infrastructure Cybersecurity”; CPMI-IOSCO’s “Guidance on cyber resilience for financial market infrastructures”; ISO 27000 series controls for information security management systems; and financial sector supervisory guidance and regulatory frameworks.

GFMA Framework for the Regulatory Use of Penetration Testing in the Financial Services Industry

This Framework is designed to create an agreed-upon approach for regulators and financial services firms to conduct effective testing to satisfy both supervisory and firm-originated requirements. In this second version, published December 2020, these principles are updated based on the evolution of industry best practices and guidance from frameworks around the world.

Global Financial Markets Association (GFMA) Correspondence

The Global Financial Markets Association (GFMA), SIFMA’s global affiliate, serves as a forum to address international cyber risk. Correspondence includes consultations with the Bank of England, Financial Conduct Authority, Bank of International Settlements, Financial Stability Board and more.

Guidance for Small Firms

This program is intended to provide small firms with actionable cybersecurity guidance that is risk-based, threat-informed and supportive of their overall business model.

International Cybersecurity, Data and Technology Principles 

GFMA (SIFMA’s global affiliate), the European Banking Federation (EBF), and International Swaps and Derivatives Association (ISDA) published a paper that offers the groups’ thoughts on foundational principles for the formation of effective policy on cybersecurity, data and technology.

Quantum Dawn Exercises

SIFMA has organized the Quantum Dawn exercise series to enable both individual firms and the sector as a whole to test their response plans in the event of a systemic attack.

Sheltered Harbor

Sheltered Harbor is an initiative by the U.S. financial services sector to enhance customer data protection and ensure swift restoration of customer accounts in the event of a major cyber-attack.

Government Agencies

Useful Links