Regulatory Alerts2024-04-18
AFM Exploratory Study on Information Security of Capital Markets
The Dutch Authority for the Financial Markets (AFM) conducted an exploratory investigation into the IT security maturity of capital market firms, including trading venues and proprietary traders. The study assessed nine specific controls against the DNB good practice methodology and found that while firms generally met the minimum maturity level, significant gaps remained in risk register quality, business continuity testing for cyber scenarios, and the formalization of intragroup outsourcing. The AFM recommends that firms improve their risk assessment completeness, integrate cyberattack simulations into annual continuity tests, and enhance the governance of internal service arrangements to prepare for the upcoming Digital Operational Resilience Act (DORA).