Aggregated News From Investment Management Regulators

”We will help you build a better technological infrastructure” – MFSA – MFSA


Please complete the required fields.

On 30 June 2020, the Supervisory ICT Risk and Cybersecurity Function (SIRC) of the Malta Financial Services Authority (MFSA) released a principle-based cross-sectoral document titled: ‘ Guidance on Technology Arrangements, ICT and Security Risks Management, and Outsourcing Arrangements’, for public consultation, directed at regulated firms in Malta. The period prior to its release involved extensive consultations with internal stakeholders (as the document is cross-sectoral), a detailed mapping of regulatory requirements from European Supervisory Authorities pertaining to ICT risks as well as an inclusion of international standards and established frameworks in several sections of the Guidance document.

This document is in line with the Authority’s Strategic Plan 2019-2021 and reflects the Authority’s expectations from licence holders with respect to their approach in managing risks emanating from their technology infrastructure and processes, as well as putting in place adequate governance arrangements. The Guidance document further buttresses the Authority’s position in being a business enabler and its position in helping supervised entities in all aspects inasmuch as technology remains at the core of the financial services sector.

The Guidance document encompasses four high level principles: proportionality; principles-based consistency of outcomes; information assurance in technology arrangements; and approach to cloud computing. The Authority is providing guidance on technology arrangements, ICT and Security Risk Management as well as outsourcing arrangements. The section on technology arrangements covers the essential characteristics of cloud computing with major pointers to its service and deployment models, shared responsibilities for cloud service models, management of these cloud models and security monitoring. The section on ICT and security risk management covers internal governance and risk mitigating measures that entities are expected to adopt in managing all forms of risks associated with their technology infrastructure. It encapsulates various measures (ICT operations management, ICT project and change management, ICT Strategy, ICT Risk Management, Information Security) as overall components of supervised entities’ operational risk management framework. Lastly, the section on outsourcing arrangements provides detailed information on how licence holders are to apply a thorough risk management method to their outsourced functions. The section contains guidance on assessments prior to outsourcing, management of conflicts of interests, business contingency planning and clauses to be included in outsourcing agreements.

The MFSA, through its newly formed Supervisory ICT Risk and Cybersecurity Function, is entrusted with the task of engaging continuously with supervised firms, by monitoring their adherence to expectations with regard to their technology infrastructure through thematic reviews via on-site inspections and off-site supervision.

As  stated in its Strategic Plan 2019-2021, the Authority’s aim is to ensure that all licence holders are resilient to cyber threats and technological disruption to prevent data breaches, the loss of data and to safeguard the availability and integrity of data.

Source link

Regulator Information

Abbreviation: MFSA
Jurisdiction: Malta

Recent Articles

Directive for the beneficial ownership register of express trusts and similar legal arrangements

See the Press Release published by the Cyprus Securities and Exchange Commission (CySEC CY) here: Source link


Attention! The FMA warns investors against concluding transactions with: RichmondSuper (Link to external page. Opens in new window.) [email protected] [email protected] [email protected] [email protected] [email protected] (Link to external page. Opens in new window.) This provider...

Hardson Becker Global

Attention! The FMA warns investors against concluding transactions with: Hardson Becker Global with its registered address apparently in Hangzhou, China This provider is not authorised to carry...

“Let’s talk about money” – money laundering: how illegal assets are given a legal appearance

In the latest edition of its consumer information series, “Let’s talk about money” the Austrian Financial Market Authority (FMA) explains about the term money...

Chair Powell will host town hall with educators August 2, 2021 at 4 p.m. EDT

Please enable JavaScript if it is disabled in your browser or access the information through the links provided below.

Get the latest from Regulatory.News in your inbox!