What the MFSA Document on ICT Risk and Cybersecurity Means

​The Malta Financial Services Authority issued a document that was the third instalment of The Nature and Art of Financial Supervision series on January 28, 2021. This document shifts gears to focus more primarily on cybersecurity supervision and ICT risk. It does so by first taking a more in-depth look at the background of both sectors and touches on the legal and regulatory provisions and functions for each.


The document highlights the observations made for ICT risk and cybersecurity supervision in addition to laying out the Authority expectations for cross-sectoral priority in 2021 and beyond. MFSA has documented that they expect regulated entities to read this third instalment and take heed of the recommendations when and where applicable.

MFSA Chief Supervision Officer and Chief Executive Officer ad interim, Dr Christopher P. Buttigieg, commented that “ICT is crucial in all aspects of today’s world. The financial services sector is no exception. In 2020 the MFSA set up a cross-sectoral Supervisory ICT Risk and Cybersecurity functions to address risks inherent to this area. Going forward, the Authority has designated ICT Risk and Cybersecurity as one of its priorities for 2021.”


The new document applies to all of the following licensed entities. This is not an exhaustive list and the actual document may be referenced here for further assessment:

● Financial Institutions

● Credit Institutions

● Investment Services

● Pension Service Providers

● Retirement Pension Schemes

● Trading Venues

● Trustee and Other Fiduciaries

● Virtual Financial Assets

● Company Service Providers

● Central Securities Depositories


The regulation proposal is laid out by the following four areas:

● ICT Risk Management — all financial institutions will be required to have a framework in place that is risk-based.

● Incident Reporting — communication will be enhanced.

● Digital Operational Resilience Testing — proportionate and resilient testing.

● Managing of ICT Third-Party Risk — more outsourcing, new oversight tools for supervisors.

● Information Sharing Arrangements — voluntary scheme to encourage communication about threats.


The MFSA plans to continue building upon the foundational groundwork that was initially carried out in 2020. This development brings forth the amplified consideration of the need for ICT Risk and Cybersecurity as the primary focuses for 2021. More terms will be laid out as the year progresses which will help to prioritize key risk areas within the industry. The MFSA plans to educate and carry out these initiatives with a broader awareness of all activities for stakeholders and companies alike. The Authority anticipates the regulation of entities to the content of this third volume document. If regulation is not met, corrective action will be taken when and where appropriate in order to follow the expectations herein laid out by the Authority.

Originally published at https://www.vacancycentre.com.




Talent solutions you can trust. Unleash your professional career within Finance, Compliance and Technology.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Digital Identity Solutions — Why They Matter

{UPDATE} Little Trucks Colorbook Free Hack Free Resources Generator

Why We Invested In Socure: Securing The Internet One Identity At A Time

CoinDogs guarantee Fair Play, Security, and Anonymity 🤝

{UPDATE} Monster Truck Racing Challenge Hack Free Resources Generator

Online Shopping and E-Commerce: New https://t.co/2inxf5aMaN via @pewresearch #Business #Legal

{UPDATE} Car Traffic Modern Parking 3D Hack Free Resources Generator

Cookies Redefined

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


Talent solutions you can trust. Unleash your professional career within Finance, Compliance and Technology.

More from Medium

unifi gui with caddy2, no-ip, and a raspi4

Build Private Cloud with OpenStack Kolla-ansible Step by Step Guide 1.0 -Part 1 Preparation

Getting started with Voltaic

Traffic Light Project in Arduino

Fotografie creată de Deva Darshan, de la Pexels