RM-9.1.6

Past version: Effective from 01 Apr 2019 to 30 Sep 2021

The senior management of an investment firm licensee must be responsible for the following activities:

(a) Create an overall cyber risk management framework commensurate with the size, nature of activities and the risk profile of the licensee and formulate a cyber risk defense policy;
(b) Regularly measure the effectiveness of the implementation of the risk management practices mentioned in RM-9.1.3 and ensure that this is regularly reported to the Board;
(c) Ensure that processes for identifying critical internal functions are in place and annually verified;
(d) Adequately oversee the implementation of the cyber risk management framework;
(e) Implement and consistently maintain an integrated, corporate-wide, cyber risk management framework, including sufficient resource allocation;
(f) Monitor the effectiveness of the cyber defense array and coordinate cyber defense activities with internal and external risk management entities;
(g) Receive periodic reports from the relevant departments on the current situation with respect to cyber threats and cyber risk treatment; and
(h) Receive periodic reports on all cyber incidents (internal and external) and analysis of their implications on the licensee.
Added: April 2019