Cyber-security is the responsibility of the board of directors, not that of the IT department, and those who do not take this responsibility seriously could face Central Bank sanctions. This is the Central Bank’s message to investment firms and players in the fund services industry.
The message was conveyed in a recent letter to board members and senior management at investment firms and fund services firms.
It follows a Central Bank review of how investment firms, fund service providers and stockbrokers are managing cyber-security and related operational risks. The letter states that the onus is on firms to evaluate their own cyber-risk and to decide what systems and procedures need to be put in place to manage this risk. Attached to the letter is a checklist of what the Central Bank regards as best practice in managing cyber-risk and a self-assessment questionnaire.