The MFSA issued a Guidance Document to all licensed entities entitled ‘Guidance on Technology Arrangements, ICT and Security Risk Management, and Outsourcing Arrangements’. The Guidance covers the implementation of Technology Arrangements and ICT, and emphasises that technology has become a fundamental asset to the financial services industry, as a result of which Licence Holders are increasingly reliant on technology to perform business and operational functions.

While technological arrangements deliver cutting-edge benefits to both financial services firms and their customers, they also introduce new risks to licence holders, ranging from ICT governance risks to cybersecurity risks and IT outsourcing risks.


The Guidance sets out a number of risk factors, emanating from increased reliance on technological arrangements, that need to be adequately mitigated. Mitigation includes the establishment of a comprehensive ICT governance framework. The MFSA Guidance also includes extensive guidance on the outsourcing of IT to third parties.


The Guidance is principle-based and does not favour one type of technology or service model over another, as long as the compliance obligations can be met. The principle-based approach also applies to ICT risk, security governance, and control frameworks. Significantly, the Guidance allows for the principle of proportionality. As a result, mitigating controls and governance arrangements should take into consideration the nature, scale, and complexity of the technology arrangements, the risks arising from them, and the level of dependence on such technology arrangements for the implementation of critical or important functions. All licensed entities are mandated to ensure compliance with the principles.

What do you need to know?

  • Familiarize yourself with the MFSA guidance document and how this may impact your firm
  • Consider setting up a team/task force, including your IT team, to take a systematic approach to ensure compliance with the Guidance. Engage external expertise if required
  • Understand the categories of data your firm processes, the medium through which they are processed, and where and how they are stored
  • Perform an ICT risk assessment that is commensurate with the nature, scale, and complexity of the firm. The frequency, depth, detail, and intensity of the ICT risk assessment should be proportionate to the size, structure, and operational environment of the firm
  • Draw up a gap analysis between the current ICT practices within your firm and the requirements of the MFSA Guidance
  • Establish what remedial actions are required in order to ensure compliance with the MFSA Guidance
  • Establish a framework to ensure that IT risk is effectively and efficiently managed on an ongoing basis
  • Take reasonable measures to be in a position to demonstrate that your entity complies with the MFSA guidance document
