The Supervisory ICT Risk and Cybersecurity function has issued principle-based cross-sectoral guidelines (“Guidance Document”) in the areas of Technology Arrangements, ICT and Security Risk Management, and Outsourcing Arrangements, setting out the Authority’s expectations. The guidelines are in line with the MFSA’s Strategic Plan 2019-2021 and the Authority’s efforts to ensure operational resilience within the financial services industry. It is recommended that all supervised entities make effective use of the Guidance Document and approach it with a view to aligning with the Authority’s expectations therein.
On 28 January 2021 the Supervisory ICT Risk and Cybersecurity function issued the publication ‘The Nature and Art of Financial Supervision – Volume III – ICT Risk and Cybersecurity’. This publication provides information about ICT Risk and Cybersecurity supervision within the financial services industry and the approach adopted by the Authority in this regard. It further provides insight into future developments on the regulatory framework in the respective areas.
The document highlights the Authority’s main findings and prevailing risks based on supervisory interactions with licence holders in 2020, and puts forward recommendations in this regard. It also describes the MFSA’s supervisory focus for 2021 in the areas of ICT risk and Cybersecurity as well as ICT outsourcing.