Regulatory Alerts2024-10-24
Regulation on Management and Reporting of Information Security Incidents by Financial Institutions and Credit Assessment Agents
The Minister of Finance has approved a regulation mandating designated financial institutions and credit assessment agents to implement robust information security incident management policies and standardized reporting protocols. Covered entities must notify the Autorité des marchés financiers within 24 hours of a significant incident, provide updates every three days until resolution, and maintain a secure incident register for at least five years. Failure to comply with these operational or recordkeeping obligations triggers monetary administrative penalties ranging from $250 to $2,500.
Share