DFSA Reviews Cyber Risk Practices, Issues Crypto Token Regime
The Dubai Financial Services Authority (DFSA) published a thematic report on cyber risk assessment practices and announced that the Crypto Token regime will come into effect from November 01, 2022. Additionally, DFSA signed the Memorandum of Understanding (MOU) with the Securities and Exchange Commission (SEC) of Thailand to enable dialog about technology innovation in financial services (including fintech and regtech.
The Cyber Thematic Report 2022 reviewed the degree to which firms have implemented the DFSA Cyber Risk Management Guidelines and the current maturity level of the cybersecurity frameworks of these firms. The report summarizes key findings and observations along with areas of improvements in the cyber risk management practices of firms. The report assessed cyber risk governance frameworks, the consistency of cyber risk management practices, the current maturity level of cybersecurity frameworks, and resilience programs and compared results with the outcomes of the 2020 review. The report found significant improvements in third-party cyber risk management and user authentication controls, including strong password requirements and multi-factor authentication. The report highlights need for further improvement in three areas: incident response testing program, vulnerability assessments and penetration testing, and information technology asset identification and classification. DFSA performs cyber thematic reviews in two-year cycles (previous review was in 2020) to check the maturity level of cybersecurity frameworks implemented by firms. DFSA also plans to engage relevant institutions in cyber simulations that help them to test their response to cyber incidents and assess their cyber resilience.
The Crypto Token regime, which comes into effect on November 01, 2022, forms the second phase of the DFSA work, following the introduction of a regime in the Dubai International Financial Centre (DIFC) for the Regulation of Investment Tokens in October 2021. This comprehensive regime covers not only money launder and terrorist financing risks in respect of trading, clearing, holding, or transferring crypto tokens but also in addressing risks to consumer protection, market integrity, custody, and financial resources for service providers. DFSA took a balanced approach in the development of this regime and will consider, as the sector develops, further changes and amendments to the regime in alignment with best practices and standards adopted by international standard-setters.
Related Links
- Press Release on Cyber Thematic Review Report 2022
- Cyber Thematic Review Report 2022 (PDF)
- Press Release on Crypto Token Regime
- Crypto Token Regime and Associated Documents
- MoU with SEC Thailand
Keywords: Middle East and Africa, UAE, Banking, Regtech, Cyber Risk, Third Party Risk, Cyber Incident, AML CFT, Crypto Token Regime, DFSA
Related Articles
BIS and Central Banks Experiment with GenAI to Assess Climate Risks
A recent report from the Bank for International Settlements (BIS) Innovation Hub details Project Gaia, a collaboration between the BIS Innovation Hub Eurosystem Center and certain central banks in Europe
Nearly 25% G-SIBs Commit to Adopting TNFD Nature-Related Disclosures
Nature-related risks are increasing in severity and frequency, affecting businesses, capital providers, financial systems, and economies.
Singapore to Mandate Climate Disclosures from FY2025
Singapore recently took a significant step toward turning climate ambition into action, with the introduction of mandatory climate-related disclosures for listed and large non-listed companies
SEC Finalizes Climate-Related Disclosures Rule
The U.S. Securities and Exchange Commission (SEC) has finalized the long-awaited rule that mandates climate-related disclosures for domestic and foreign publicly listed companies in the U.S.
EBA Proposes Standards Related to Standardized Credit Risk Approach
The European Banking Authority (EBA) has been taking significant steps toward implementing the Basel III framework and strengthening the regulatory framework for credit institutions in the EU
US Regulators Release Stress Test Scenarios for Banks
The U.S. regulators recently released baseline and severely adverse scenarios, along with other details, for stress testing the banks in 2024. The relevant U.S. banking regulators are the Federal Reserve Bank (FED), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC).
Asian Governments Aim for Interoperability in AI Governance Frameworks
The regulatory landscape for artificial intelligence (AI), including the generative kind, is evolving rapidly, with governments and regulators aiming to address the challenges and opportunities presented by this transformative technology.
EBA Proposes Operational Risk Standards Under Final Basel III Package
The European Union (EU) has been working on the final elements of Basel III standards, with endorsement of the Banking Package and the publication of the European Banking Authority (EBA) roadmap on Basel III implementation in December 2023.
EFRAG Proposes XBRL Taxonomy and Standard for Listed SMEs Under ESRS
The European Financial Reporting Advisory Group (EFRAG), which plays a crucial role in shaping corporate reporting standards in European Union (EU), is seeking comments, until May 21, 2024, on the Exposure Draft ESRS for listed SMEs.
ECB to Expand Climate Change Work in 2024-2025
Banking regulators worldwide are increasingly focusing on addressing, monitoring, and supervising the institutions' exposure to climate and environmental risks.