In light of risk management failings observed by the Malta Financial Services Authority (MFSA), the Authority has mapped out key risk areas in ICT and cybersecurity.
On Thursday, the MFSA issued its third volume of “The Nature and Art of Financial Supervision” series, which focusses on ICT Risk and Cybersecurity Supervision.
This document provides background on ICT risk and cybersecurity, including the applicable legal and regulatory framework.
It is part of the MFSA’s broader program, which includes its Vision 2021, and its Strategic Plan 2019-2021 – both of which placed substantial importance on ICT risk and Cybersecurity.
The initiatives, comment on, and make recommendations to, a cross-sector group that includes trading venues, central securities depositories, virtual financial assets, credit institutions and financial institutions.
In their checks, the MFSA said it observed instances that did not comply with the most effective practices.
It observed boards that were not adequately involved in ICT matters, that some ICT budgets did not adequately reflect increased and forthcoming operational requirements, and that some boards did not ensure that their organisations have in place the necessary ICT policies and procedures.
The MFSA also reiterated that “financial entities should have an adequate ICT and security risk management framework in place which is documented and continuously improved.”
The Authority identifies a number of ways that it regards some existing frameworks are inadequate, or that they have been inadequately implemented.
For example, it said that it “observed instances whereby there was no sufficient segregation of functions in accordance with the three lines of defence model to adequately manage conflicts of interest”
The MFSA made a number of proposals, consisting of the following main aspects:
The full report can be accessed here.
More than 10 per cent of Maltese enterprises struggle to find ICT specialists
The due diligence applied ensures the focus is on quality, not quantity
The half-day event hosted panel discussions on tackling burnout and technology for gender equality