“We will help you build a better technological infrastructure” – MFSA


On 30 June 2020, the Supervisory ICT Risk and Cybersecurity Function (SIRC) of the Malta Financial Services Authority (MFSA) released a principle-based cross-sectoral document titled ‘Guidance on Technology Arrangements, ICT and Security Risks Management, and Outsourcing Arrangements’, for public consultation, directed at regulated firms in Malta. The period prior to its release involved extensive consultations with internal stakeholders (as the document is cross-sectoral), a detailed mapping of regulatory requirements from European Supervisory Authorities pertaining to ICT risks as well as an inclusion of international standards and established frameworks in several sections of the Guidance document.

This document is in line with the Authority’s Strategic Plan 2019-2021 and reflects the Authority’s expectations from licence holders with respect to their approach in managing risks emanating from their technology infrastructure and processes, as well as putting in place adequate governance arrangements. The Guidance document further buttresses the Authority’s position in being a business enabler and its position in helping supervised entities in all aspects inasmuch as technology remains at the core of the financial services sector.

The Guidance document encompasses four high level principles: proportionality; principles-based consistency of outcomes; information assurance in technology arrangements; and approach to cloud computing. The Authority is providing guidance on technology arrangements, ICT and Security Risk Management as well as outsourcing arrangements. The section on technology arrangements covers the essential characteristics of cloud computing with major pointers to its service and deployment models, shared responsibilities for cloud service models, management of these cloud models and security monitoring. The section on ICT and security risk management covers internal governance and risk mitigating measures that entities are expected to adopt in managing all forms of risks associated with their technology infrastructure. It encapsulates various measures (ICT operations management, ICT project and change management, ICT Strategy, ICT Risk Management, Information Security) as overall components of supervised entities’ operational risk management framework. Lastly, the section on outsourcing arrangements provides detailed information on how licence holders are to apply a thorough risk management method to their outsourced functions. The section contains guidance on assessments prior to outsourcing, management of conflicts of interests, business contingency planning and clauses to be included in outsourcing agreements.

The MFSA, through its newly formed Supervisory ICT Risk and Cybersecurity Function, is entrusted with the task of engaging continuously with supervised firms, by monitoring their adherence to expectations with regard to their technology infrastructure through thematic reviews via on-site inspections and off-site supervision.

As stated in its Strategic Plan 2019-2021, the Authority’s aim is to ensure that all licence holders are resilient to cyber threats and technological disruption to prevent data breaches, the loss of data and to safeguard the availability and integrity of data.

Regulator Information

Abbreviation: MFSA
Jurisdiction: Malta
