Featured Product

    Dubai FSA Publishes Key Findings from Review of Cyber Risk Frameworks

    June 24, 2020

    Dubai FSA published the key findings from its thematic review on the cyber risk management frameworks of firms operating in the Dubai International Financial Center. The review, which was launched in July 2019, assessed cyber risk governance frameworks, cyber hygiene practices, and incident-preparedness programs of firms authorized by Dubai FSA. The review found that a significant number of firms had either not implemented a comprehensive cyber risk management framework or performed only a limited cyber risk assessment.

    The review shows that a significant number of firms perform only a limited cyber risk assessment. In many instances, neither the board nor senior management oversight of cyber risk management was sufficient. This was especially prevalent where firms outsourced their IT infrastructure and cyber security functions to an IT service provider. This was also evident in the fact that there was a lack of senior management review of cyber security audits, reviews, and tests. Only half of all firms have a due diligence process to assess whether third-party service providers meet the cyber security requirements and even fewer firms periodically test whether third-party service providers satisfy the cyber security requirements. 

    The majority of firms have implemented some form of a cyber incident response plan to respond to, and limit the consequences of, a cyber incident. However, in many cases, the cyber response procedures are addressed in general terms as components of the business continuity plan and are not tailored specifically to cyber threats. Less than half of all firms have implemented a crisis management communication plan that addresses external stakeholders while more than half of firms’ cyber incident response plans do not include a formal requirement for periodically testing the response to a cyber incident. Where firms do have a periodic testing requirement, it was identified that a significant number of firms have not tested any component of their cyber incident response plans in the past year. The published report summarizes such key findings and observations, along with the expectations of Dubai FSA and examples of best practices of cyber risk management. 

    The review was undertaken in two phases, with the first phase consisting of a questionnaire seeking high-level information on the cyber security practices of each authorized firm and the second phase consisting of desk-based reviews and onsite visits to selected firms representing a range of business models and financial services activities. Although not part of this review, the new remote working protocols established in 2020 also bring new cyber risk vulnerabilities that need to be addressed by the financial services industry. According to Mr. Bryan Stirewalt, the Chief Executive of the Dubai FSA, enhancement of the cyber resilience of regulated population is one of the key priorities of Dubai FSA, which has steadily increased the supervisory focus on cyber risk and is constantly engaging with firms in the Dubai International Financial Center to ensure they have sufficient safeguards in place to shield against and to respond to and recover from cyber incidents. The focus of Dubia FSA also includes support for development of industry-level guidance on cyber risk management practices. 

     

    Related Links

    Keywords: Middle East and Africa, UAE, Dubai, Banking, Cyber Risk, DIFC, Operational Risk, Cyber Testing, Outsourcing Arrangements, Third-Party Arrangements, Dubai FSA

    Related Articles
    News

    ECB Amends Guideline on Temporary Collateral Easing Measures

    ECB published Guideline 2021/975, which amends Guideline ECB/2014/31, on the additional temporary measures relating to Eurosystem refinancing operations and eligibility of collateral.

    June 17, 2021 WebPage Regulatory News
    News

    EIOPA Releases Report on Artificial Intelligence Governance Principles

    EIOPA published a report, from the Consultative Expert Group on Digital Ethics, that sets out artificial intelligence governance principles for an ethical and trustworthy artificial intelligence in the insurance sector in EU.

    June 17, 2021 WebPage Regulatory News
    News

    HKMA to Increase Focus on Suptech and Regtech Cloud Adoption

    HKMA published the seventh and final issue of the Regtech Watch series, which outlines the three-year roadmap of HKMA to integrate supervisory technology, or suptech, into its processes.

    June 17, 2021 WebPage Regulatory News
    News

    EC Consults on Improving Transparency in Secondary Markets for NPLs

    EC launched a targeted consultation to improve transparency and efficiency in the secondary markets for nonperforming loans (NPLs).

    June 16, 2021 WebPage Regulatory News
    News

    BIS and Nordic Central Banks Launch Innovation Hub in Stockholm

    BIS, Danmarks Nationalbank, Central Bank of Iceland, Norges Bank, and Sveriges Riksbank launched an Innovation Hub in Stockholm, making this the fifth BIS Innovation Hub Center to be opened in the past two years.

    June 16, 2021 WebPage Regulatory News
    News

    FDIC Tech Sprint Aims to Explore Technologies to Reach Unbanked

    FDITECH, the technology lab of FDIC, announced a tech sprint that is designed to explore new technologies and techniques that would help expand the capabilities of community banks to meet the needs of unbanked individuals and households.

    June 16, 2021 WebPage Regulatory News
    News

    EC Releases Sustainable Finance Taxonomy Compass

    EC released the EU Taxonomy Compass, which visually represents the contents of the EU Taxonomy starting with the EU Taxonomy Climate Delegated Act.

    June 16, 2021 WebPage Regulatory News
    News

    FDIC Proposes Amendments to Real Estate Lending Standards

    FDIC is seeking comments on a rule to amend the interagency guidelines for real estate lending policies—also known as the Real Estate Lending Standards.

    June 15, 2021 WebPage Regulatory News
    News

    EIOPA to Consider Liquidity Risk in Stress Test for 2021

    EIOPA published its annual report, which sets out the work done in 2020 and indicates the planned work areas for the coming months.

    June 15, 2021 WebPage Regulatory News
    News

    ESRB Paper Discusses Measurement of Impact of Bank Failure via Lending

    The ESRB paper that presents an analytical framework that assesses and quantifies the potential impact of a bank failure on the real economy through the lending function.

    June 15, 2021 WebPage Regulatory News
    RESULTS 1 - 10 OF 7116