Financial Crime World

Cybersecurity Risks in Finance: Mauritius Takes a Stand

The Financial Services Commission (FSC) of Mauritius has issued a circular letter to management companies, emphasizing the importance of complying with regulatory requirements and guidelines to address growing concerns over cybersecurity risks in the financial sector.

Prioritizing Cybersecurity Risk Governance

The FSC’s letter, dated August 21, 2019, serves as a reminder that financial institutions must prioritize cybersecurity risk governance by ensuring they have robust systems in place to manage and mitigate risks associated with cyber attacks. Management companies are required to demonstrate a thorough understanding of cyber risks, vulnerabilities, and impact on their businesses, supported by documentation.

Compliance Requirements

To achieve this, the FSC expects management companies to:

  • Put in place policies and procedures approved by the board
  • Conduct annual cybersecurity risk assessments
  • Perform regular IT audits
  • Address identified loopholes
  • Conduct penetration testing to ensure systems are not vulnerable or susceptible to cyber attacks

Additionally, management companies must have contingency arrangements in place to deploy in the event of a cyber attack, including:

  • Maintaining service levels for clients
  • Informing relevant parties and authorities about the attack and its impact

Technology Risk and Cybersecurity Training

The FSC has also emphasized the importance of technology risk and cybersecurity training programs at all levels. The letter serves as a reminder that financial institutions must remain subject to obligations arising under other enactments.

A Proactive Stance

With this move, Mauritius is taking a proactive stance in addressing cyber threats in the financial sector, setting a precedent for other countries to follow suit. The FSC’s efforts will undoubtedly help to strengthen the island nation’s reputation as a hub for financial services and ensure the continued trust of investors and clients.

By prioritizing cybersecurity risk governance and compliance, Mauritius is demonstrating its commitment to protecting the financial sector from cyber threats, making it an attractive destination for financial institutions and investors alike.