FSC issues Cyber Security Risk Governance Circular Letter
Article Published on September 27, 2019
The financial services industry is riding one great wave of change - that of digital transformation thanks to the inevitable introduction of disruptive technologies. But innovation and new technologies surely present new risks as hordes of cyber-attackers are waiting to pounce on security loopholes. It is therefore important that companies, especially financial service providers, devise and implement a solid cyber security strategy.
The Financial Services Commission (FSC) issued a circular letter in August 2019 (cl210819) aimed at reminding Management Companies (MCs) of the need of having a sound cyber resilience programme in place. Below are the minimum recommendations put forward by FSC:
MCs will be expected to:
-
understand the cyber risks, vulnerabilities and impact associated in running their businesses, with supporting documentation;put into place appropriate policies and procedures duly approved by the board to mitigate the risks;carry out an annual cyber security risk assessment which is reported to the board;conduct regular IT audit and addressing identified loopholes accordingly;conduct penetration testing to ensure that their systems are not vulnerable or susceptible to cyber-attacks;put in place appropriate contingency arrangements that they can be deployed in the event of a cyber-attack, including but not limited, maintaining service levels for clients and informing relevant parties and authorities about the attack and its impact; andrun a comprehensive technology risk and cyber security training programme at all levels
At ITL, cybersecurity is firmly entrenched in our company strategy and for that reason, we have set up a full-fledged Information Security, Governance, Risk & Compliance, and Data Protection team, led by a seasoned CISSP (Certified Information Security Systems Professional). We lay much emphasis on creating a secure cyber framework for our clients and make sure that our staff receive the appropriate training. For more information on our cyber security strategy and on how we can further assist our clients in safeguarding their data, please write to us on info@intercontinentaltrust.com