SIO-9.6.8
The management is responsible for:
(a) Establishing and implementing cyber security policies and procedures that commensurate with the level of cyber security risk exposure and its impact on the stablecoin issuer. These policies and procedures must take into account the following:
i. The sensitivity and confidentiality of data which the stablecoin issuer maintains;
ii. Vulnerabilities of the stablecoin issuer’s information systems and operating environment across the licensee; and
iii. The existing and emerging cyber security threats.
(b) Ensuring that employees, agents (where relevant) and third-party service providers are aware and understand the cyber security risk policies and procedures, the possible impact of various cyber security threats and their respective roles in managing such threats;
(c) Recommending to the board on appropriate strategies and measures to manage cyber security risk, including making necessary changes to existing policies and procedures, as appropriate; and
(d) Reporting to the board of any cyber security breaches and periodically update the board on emerging cyber security threats and their potential impact on the stablecoin issuer.
Added: July 2025