The FSRA considers IT risk management to be a key part of firms’ management of their overall business risk. In this respect, the FSRA has issued regulations and rules relating to IT risk management and controls for specific IT domains or regulated activities that rely heavily on IT. Those regulations and rules underline the standards required of authorised firms in maintaining a robust and resilient IT environment as an inherent part of their business activities.
The Discussion Paper sets out the following initiatives that the FSRA is building on to enhance its supervisory and regulatory regime over IT risk management.
Introducing comprehensive and holistic IT Risk Management Guidance that consolidates best practices across a range of IT domains, including guidance for the adoption of algorithm-driven and decentralized infrastructure solutions.
Reviewing existing rules relating to IT risk management to incorporate requirements that would strengthen firms’ practices.
Requiring firms to report material IT incidents to the FSRA in a standardised format within a prescribed timeframe.
Making regulatory technologies (RegTech) available to firms to navigate the FSRA’s rules and guidance relating to IT risk management.
Mr Emmanuel Givanakis, CEO of the ADGM FSRA said: “While technological advances enable financial services firms to innovate and deliver enhanced value to customers and investors, IT risks are also growing in their scale and complexity. It is therefore imperative for the FSRA to continue updating and enhancing our regulatory framework on IT risk management to support innovation and growth. We look forward to collaborating with the industry to further develop capabilities that will make IT risk management a competitive advantage for our firms and contribute to a more resilient ecosystem in the ADGM.”
The discussion paper can be found here: Discussion Paper No. 1 of 2023 – Information Technology Risk Management.