Roles and Responsibilities of the Board
SIO-9.6.6
The board must provide oversight and accord sufficient priority and resources to manage cyber security risk, as part of the stablecoin issuer’s overall risk management framework.
Added: July 2025
SIO-9.6.7
In discharging its oversight functions, the board must:
(a) Ensure that the licensed stablecoin issuer’s strategy, policy and risk management approach relating to cyber security are presented for the board’s deliberation and approval;
(b) Ensure that the approved cyber security risk policies and procedures are implemented by the management;
(c) Monitor the effectiveness of the implementation of the stablecoin issuer’s cyber security risk policies and procedures and ensure that such policies and procedures are periodically reviewed, improved and updated, where required. This may include setting performance metrics or indicators, as appropriate, to assess the effectiveness of the implementation of cyber security risk policies and procedures;
(d) Ensure that adequate resources are allocated to manage cyber security including appointing a qualified person as Chief Information Security Officer (“CISO”) with appropriate authority to implement the cyber security strategy. The CISO is the person responsible and accountable for the effective management of cyber security;
(e) Ensure that the impact of cyber security risk is adequately assessed when undertaking new activities, including but not limited to any new products, investment decision, merger and acquisition, adoption of new technology and outsourcing arrangements;
(f) Ensure that the management continues to promote awareness on cyber resilience at all levels within the licensee;
(g) Ensure that the board keeps itself updated and is aware of new or emerging trends of cyber security threats and understand the potential impact of such threats to the licensed stablecoin issuer.
Added: July 2025