2023-12-18 | C609

The Cyprus Securities and Exchange Commission issued Circular C609 to clarify the application of EBA Guidelines on ICT and security risks management for Cyprus Investment Firms. The circular specifies that CIFs must assign ICT risk oversight to a control function, which may be outsourced, and mandates that the internal audit function independently reviews compliance with ICT policies. Furthermore, it requires periodic audits of ICT governance and systems by qualified auditors to provide independent assurance to the management body on the effectiveness of risk controls.