Financial Crime World

Financial Institutions in Trinidad and Tobago Urged to Enhance Cybersecurity Measures Amid Growing Threats

===========================================================

The Central Bank of Trinidad and Tobago has issued a comprehensive Cybersecurity Best Practices Guideline for financial institutions operating in the country. This move comes in response to public feedback on an earlier draft guideline, with the aim of mitigating the increasing risk of cyber attacks.

Mandatory Guidelines for Financial Institutions

The new guidelines are mandatory for institutions under the Central Bank’s purview. However, other companies are encouraged to adopt the measures as part of their cybersecurity strategy, although they are not required to report directly to the Central Bank.

Key Requirements and Categories

The Cybersecurity Best Practices Guideline comprises 20 specific requirements organized into six categories:

  • Governance: Establish a clear cybersecurity policy and framework for decision-making.
  • Risk Management: Identify, assess, and prioritize cyber risks, as well as implement controls to mitigate them.
  • Awareness and Training: Provide regular training and awareness programs for employees on cybersecurity best practices.
  • Business Continuity and Disaster Recovery: Develop plans for business continuity and disaster recovery in the event of a cyber attack.
  • Testing: Conduct regular penetration testing and vulnerability assessments to identify weaknesses.
  • Incident Management and Reporting: Establish procedures for reporting and responding to cyber incidents.

Industry Stakeholder Feedback

Industry stakeholders have praised the guidelines as a crucial step in combating the growing threat of cyber attacks, which can compromise sensitive financial information and disrupt business operations. The guidelines are designed to help financial institutions identify vulnerabilities, implement robust security measures, and respond quickly and effectively in the event of an attack.

Supporting Documents Available

The Central Bank has made available a range of supporting documents to aid in the implementation of the guidelines:

  • Circular letter
  • Industry comments table of responses
  • Cybersecurity Best Practices Guideline itself
  • Cyber risk self-assessment form
  • Cyber incident reporting form
  • Instructions for completing the cyber incident reporting form