top of page
Search

The Sun Sets on FFIEC CAT — and SmartSuite Is Ready with a Smarter Way Forward for Banks

Updated: 1 day ago

With the FFIEC Cybersecurity Assessment Tool (CAT) officially riding off into the regulatory sunset by August 2025, U.S. banks face a looming compliance gap. But rather than scramble for stopgaps or duct-tape solutions, a new alliance between SmartSuite and the Cyber Risk Institute (CRI) is offering the financial sector something rare: clarity, scalability, and a path forward built for the 21st century.


The two organizations announced a new partnership this week as part of CRI’s Innovator Program, positioning SmartSuite’s no-code governance platform as a modern engine for automating and streamlining compliance around the CRI Profile—a framework built by the financial industry, for the financial industry.


“SmartSuite streamlines compliance workflows, and now with the CRI Profile in SmartSuite, banks can more confidently meet evolving regulatory expectations,” said Josh Magri, CEO of the Cyber Risk Institute. “We are thrilled to welcome SmartSuite as an Innovator in our program.”


Goodbye CAT, Hello CRI


The timing couldn’t be better. Financial institutions of all sizes—from local community banks to organizations managing over $10 billion in assets—are navigating a chaotic period of regulatory evolution. With cyberattacks growing in frequency and sophistication, regulators are pushing for stronger risk management standards while simultaneously sunsetting tools like the FFIEC CAT that once served as industry benchmarks.


The CRI Profile, grounded in NIST’s newly updated Cybersecurity Framework 2.0, offers a standardized way to assess and report on cybersecurity risk. But while the Profile offers rigor, SmartSuite brings the operational muscle to make it manageable in the real world.


“At SmartSuite, we believe compliance should be simple, automated, and accessible to all financial institutions, regardless of their size,” said Jon Darbyshire, CEO of SmartSuite. “Our no-code, easy-to-use platform empowers compliance managers and CISOs to seamlessly navigate the CRI Profile and automate all GRC processes with ease.”


Scaling Compliance Without the Bloat


SmartSuite’s platform breaks with the legacy GRC mold, which too often requires expensive consultants, sprawling interfaces, and months of onboarding. Instead, the system offers:


  • Intuitive, structured compliance tracking aligned directly with CRI diagnostic statements

  • Automated workflows for reviews, approvals, and reminders

  • Real-time dashboards that flag progress and risk at a glance

  • Centralized document control for evidence management and audit readiness

  • Scalability that doesn’t punish smaller institutions with unnecessary complexity


In other words: compliance without the traditional pain points.


Analyst Backing


Industry experts are already weighing in, and the verdict is promising.


“The partnership between SmartSuite and the Cyber Risk Institute addresses a critical need in today's evolving regulatory environment,” said Michael Rasmussen, a GRC analyst at GRC 20/20 Research. “As banks transition away from the FFIEC CAT, the integration of the CRI Profile into SmartSuite’s intuitive and agile GRC platform is both timely and essential.”


He noted that SmartSuite’s configurable, no-code architecture makes it particularly valuable for mid-sized and smaller banks who often lack the resources to adapt bulky GRC platforms or build custom solutions from scratch.


A New Compliance Era


Beyond just filling the FFIEC void, this partnership signals a broader shift in how the financial sector approaches compliance: from box-checking exercises to integrated, real-time risk oversight. With cyberattacks accelerating and regulatory expectations rising in tandem, banks need tools that don’t just help them keep up—but actually help them get ahead.


SmartSuite and CRI seem to be betting on exactly that.

bottom of page