Cyber and Technology
Cyber risk continues to dominate the headlines, placing security issues at the top of businesses’ and regulatory authorities’ agendas. Alongside the benefits of technological developments, investment managers are faced with a host of new and evolving cyber security threats. Enhancing cyber security and operational resilience plans at organisations is an important focus for regulators globally.
The European Commission has published a draft regulation on digital operational resilience for the financial sector (DORA). It aims to enable a comprehensive framework at EU level with consistent rules addressing the digital operational resilience needs of all regulated financial entities and establishing an oversight framework for critical ICT third-party providers. The Commission's proposal is currently being scrutinised by the European Parliament and Council.
The Central Bank of Ireland (CBI) has published cross industry guidance on operational resilience. The guidance confirms that a firm should have ICT and Cyber Resilience strategies that are integral to the operational resilience of its critical or important business services.
The UK Financial Conduct Authority (FCA) has published new rules designed to increase and enhance firms’ operational resilience. The FCA consider that cyber resilience is complementary to operational resilience outcomes and require firms to take a holistic approach to their overall resilience. The FCA's rules and guidance will come into force on 31 March 2022.
The U.S. Securities and Exchange Commission (SEC) staff are developing a proposal for the Commission’s consideration on cybersecurity risk governance, which could address issues such as cyber hygiene and incident reporting.
AIMA is updating its Guide to Sound Practices for Cyber Security, due to be released in Q1 2022. The Guide sets out principles that investment managers should consider when developing a cybersecurity programme as part of their overall compliance and operations.
AIMA serves as the global voice of the alternative investment management industry in the digital assets space. AIMA’s work in digital assets is overseen by our global Digital Assets Working Group (AIMA DAWG).
Q1 2022, AIMA to release latest Guide to Sound Practices for Cyber Security.
31 March 2022, FCA rules on operational resilience will come into force.
31 December 2022, ESMA guidelines apply to any cloud outsourcing arrangement entered into prior to 31 July 2021.
2023, EU's Digital Operational Resilience Act (DORA) is expected to come into effect.
(Last updated: 1 December 2021)