MFSA launches consultation on cybersecurity guidelines

The Malta Financial Services Authority has launched a consultation exercise on set of cybersecurity guidelines for the financial services industry.

The financial services watchdog said the eventual strategy would seek to mitigate threats and increase certainty and would be rooted in a risk-based supervisory approach.

The guidelines would be targeted at entities operating in the virtual financial assets sector.

In a statement on Friday, the MFSA said the financial services industry is undergoing a “digital transformation”, with the introduction of innovative products, services and organizational forms.   

It said that while recent technological advancements, such as distributed ledger technology foster innovation within the industry, they also introduce new opportunities for cybercrime.

The MFSA said it had identified the need to ensure that the industry implements the “necessary cybersecurity solutions in order to effectively mitigate cyber threats, and therefore address the need for market integrity and consumer protection”.

The guidelines, the MFSA said, will set cybersecurity guidance notes that will be applicable to companies such as Professional Investor Funds investing in Virtual Currencies, VFA Agents, Issuers and VFA Service Providers.

“The MFSA’s objective is to provide increased certainty in a complex digital world. These guidance notes reflect the authority’s approach towards effective management of risks and the understanding of risk factors directly linked to an entity’s operation in the financial services landscape,” MFSA CEO Joseph Cuschieri noted.

“Indeed, the newly launched MFSA Vision 2021 identifies the application of a risk-based supervisory approach as one of the key pillars of this strategy.”

The authority said its proposals build on a number of initiatives taken at international level, focused on establishing regulatory frameworks governing the cybersecurity requirements of various actors across the financial industry, including guidelines by the European Banking Authority.

The standards, it said, being mainly driven by industry-specific needs, will provide a basis for cybersecurity strategies proportionate to the changing threat landscape. The MFSA added that this rise in initiatives relating to cybersecurity is imminently confronted with ever-more sophisticated cyber-attacks driven by various threat agents.

The consultation is open to the public until 8 March 2019. Industry participants and interested parties are invited to send their responses through an online survey.

READ MORE: Financial services regulator wants Malta to play in the 'Champions League'