Financial Crime World

Bermuda Financial Institutions Face Growing Cybersecurity Risks as Deadline Looms for Compliance with New Code of Conduct

The Bermuda Monetary Authority (BMA) has issued an Insurance Sector Operational Cyber Risk Management Code of Conduct, which came into effect on January 1, 2021. This code requires all regulated insurance entities to establish and implement robust cybersecurity programs by December 31, 2021.

Background

The BMA’s new code is a response to the increasing sophistication of cybercriminals and the growing cost of cybercrime, which has become intolerable for financial institutions. Stakeholders, including boards, regulators, investors, analysts, business partners, and customers, expect greater visibility into an organization’s cybersecurity risk management program, and the BMA aims to ensure that the insurance entities it regulates establish a robust cybersecurity program and comply with related requirements.

Key Requirements

Under the code, regulated entities are required to implement specific cybersecurity measures in proportion to their cyber risk profile. Each entity must conduct an assessment of its particular risk profile and design a program that effectively addresses such risks. The BMA’s ultimate goal is to ensure that insurance entities establish a robust cybersecurity program that stays ahead of evolving cyber threats.

Compliance Readiness Assessment

As the deadline for compliance approaches, it is crucial for financial institutions in Bermuda to understand where they stand today by proactively performing a compliance readiness assessment and addressing any gaps. With every entity at a different stage of cybersecurity risk management maturity, it is essential to stay up to date with best practices and evolving cyber threats.

Impact on Financial Institutions

The BMA’s Insurance Sector Operational Cyber Risk Management Code of Conduct aims to ensure that insurance entities are better equipped to manage the growing threat of cybercrime, protect their customers’ sensitive data, and maintain public trust. With the deadline for compliance fast approaching, financial institutions in Bermuda must prioritize cybersecurity risk management to avoid potential consequences and ensure business continuity.

Conclusion

The new code is a significant step towards mitigating the escalating threat of cybercrime in the insurance sector. To stay ahead of evolving cyber threats, it is essential for financial institutions in Bermuda to understand their current compliance posture and take proactive steps to address any gaps before the deadline. By prioritizing cybersecurity risk management, financial institutions can ensure business continuity and maintain public trust.