The MFSA has just issued a document describing the supervisory focus for 2021 in the areas of ICT risk, Cybersecurity and ICT outsourcing. The SIRC (Supervisory ICT Risk and Cybersecurity function) forms part of the MFSA’s supervision bodies.
The general feeling within the EU was that ICT risk and Cybersecurity supervision was fragmented and tailor-made for specific sectors and in line with this approach the European Supervisory Authorities (ESAs) published a number of guidelines.
The SIRC recently published a principle-based cross-sectoral Guidance on Technology Arrangements, ICT and Security Risk Management and Outsourcing Arrangements that sets out protocols for a variety of entities ranging from credit institutions to virtual financial assets and company service providers.