Skip to main content

The Fiduciary League Certification Program

A tiered framework for documented, publicly verifiable communication security across the fiduciary sector. Earned by evaluation. Maintained by standard.

The Fiduciary League Certification Program is not a course, a test, or a fee-for-badge arrangement. Certification is earned through independent evaluation against published standards — the same passive, public-record methodology used in the Assessment Registry. Firms do not apply. They are evaluated. The certification record is public, permanent, and verifiable by any counterparty.

The Five Standards

The Fiduciary League evaluates firms across five published standards. Each standard addresses a distinct layer of communication security infrastructure. All evaluations are conducted against publicly available records — no firm cooperation is required or requested.

Standard 1 Communication Integrity

SPF sender authorization, DKIM message signing, and DMARC enforcement policy. The baseline standard for email authentication — the primary vector for wire fraud targeting fiduciary transactions.

Evaluated via: Public DNS records (TXT queries). Full specification →

Standard 2 Domain Security

HTTPS enforcement, HTTP-to-HTTPS redirect hardening, HSTS (Strict-Transport-Security) with minimum one-year max-age, and Certificate Authority Authorization (CAA) DNS records. Closes the transport layer above email authentication.

Evaluated via: Passive HTTP header inspection, DNS CAA records.

Standard 3 Credential Integrity

Absence of firm domain accounts in public breach databases. Credential exposure from third-party data breaches is a documented precursor to business email compromise. Standard 3 evaluates whether the firm's email domain has appeared in known breach datasets.

Evaluated via: Public breach notification databases (HIBP and equivalent).

Standard 4 Certificate Transparency

Valid, current TLS certificates with no unauthorized or rogue certificates present in Certificate Transparency logs. Unauthorized certificate issuance enables undetectable man-in-the-middle interception of encrypted communications.

Evaluated via: Certificate Transparency logs (crt.sh and equivalent).

Standard 5 Web Application Integrity

Web security headers protecting client-facing portals and websites against clickjacking, MIME-type attacks, and data injection. Relevant where clients or counterparties interact with the firm via web portal.

Evaluated via: Passive HTTP header inspection (X-Frame-Options, CSP, XCTO, Referrer-Policy).

Certification Tiers

LEAGUE-RECOGNIZED

Standard 1 Certified

  • Standard 1: Communication Integrity confirmed
  • Public registry listing with recognition date
  • Directory listing with domain and sector
  • League-Recognized badge assets
  • Annual re-evaluation with advance notification

Annual fee: $9,600 · Charter rate: $7,200 (locked 3 years)

LEAGUE-VERIFIED

Standards 1–5 Certified

  • All five standards confirmed
  • Full Transaction Readiness Assessment (TRA)
  • Formal written compliance report
  • League-Verified badge assets
  • LP disclosure and regulatory-grade documentation
  • Annual re-evaluation with priority response

Annual fee: $24,000 · Includes CFS practitioner credential for one IT officer

CFS — Certified Fiduciary Security

The Certified Fiduciary Security (CFS) credential is issued to the individual responsible for maintaining a firm's League-Verified standing — the CISO, IT director, managing partner, or outsourced IT provider accountable for the firm's communication security infrastructure.

CFS Credential Levels

CFS-1 Foundation

Standards 1–2 · Email authentication and domain security. Entry-level designation for IT staff and junior practitioners responsible for implementing and maintaining firm-level configurations.

CFS-2 Practitioner

Standards 1–4 · Adds credential integrity and certificate transparency monitoring. For IT managers, CISOs, and senior practitioners managing full-stack security posture at a fiduciary firm.

CFS-3 Senior Practitioner

Standards 1–5 + audit competency · Full framework coverage plus documented ability to evaluate and remediate across all five standards. Required for independent MSP/consultant designation.

  • Competency is demonstrated by outcome — the firm's passing evaluation — not examination alone
  • CFS designation appears in the League Directory alongside the firm's listing
  • Credential lapses automatically if the firm's League-Verified status lapses
  • Suitable for résumé, email signature, LinkedIn, and professional profiles
  • Renewable annually at $1,800/year per practitioner

The CFS designation positions the individual practitioner as the documented, publicly accountable security officer for a certified fiduciary firm. In an environment where institutional LPs, bank counterparties, and clients are increasingly requiring documented communication security as a condition of business, the CFS represents a verifiable professional credential tied to actual firm compliance.

For IT Teams and Managed Service Providers

MSPs, IT consultants, and managed security providers that bring a client firm to League-Verified status are eligible for CFS designation as the accountable practitioner for that engagement. Firms with multiple locations, subsidiaries, or consolidated service arrangements may discuss volume practitioner arrangements directly with the League.

The CFS Certification Course — available on this site — provides a structured curriculum covering all five standards, the evaluation methodology, and the fiduciary legal context. Completion of the course is a prerequisite for individual CFS-2 or CFS-3 application outside of a League-Verified firm engagement. Enroll in the CFS course →

How to Pursue Certification

  1. The League evaluates your firm against Standard 1 — without notice, without application, without fee. If your firm has already received an Invitational Letter, the evaluation is complete.
  2. To pursue League-Recognized status, respond to the Invitational Letter by mail or phone to confirm recognition.
  3. To pursue League-Verified status, contact the League to initiate a Transaction Readiness Assessment (TRA). The TRA evaluates Standards 2–5 and produces a formal written report.
  4. Upon confirmed compliance with all five standards, the firm's registry entry is updated to League-Verified, the TRA report is delivered, and CFS designation is available to the named practitioner.

Certification Inquiries

Monte Phillips · Principal Analyst, The Fiduciary League

Mail: 1200 Fourth St #729, Key West, FL 33040

Phone: 305-980-7229