Out-Law / Your Daily Need-To-Know

Out-Law News 1 min. read

Irish regulator conducts on-site cyber security inspections at investment businesses


The Central Bank of Ireland (CBoI) has undertaken on-site inspections at investment companies and fund service providers as part of a review of cyber security policies and procedures in the industry.

The CBoI said it had also completed an information-gathering exercise from businesses in the investment market in Ireland which included obtaining details of the companies' "policies and procedures around the identification, management and mitigation of cyber risks threats and vulnerabilities".

It said the ongoing thematic review is one of its "supervisory priorities for the year".

"The integrity and security of firms' processes and information is critical to the safe and efficient delivery of the services which they offer to their clients," a spokesperson for the CBoI said in a statement. "This review will explore the controls around the security of firms' systems and the procedures governing access to these systems."

"The findings from this work will be used to establish best practice in relation to cyber security and to identify areas of poor practice which need to be addressed. Where weaknesses in firms' systems security environment are uncovered, the Central Bank will take all necessary actions to remedy the situation within its range of powers," it said.

The CBoI has previously stated that its approach to regulating financial services providers and markets is "based on a model of assertive risk-based supervision underpinned by a credible threat of enforcement". It said its enforcement measures are "an important tool to effect deterrence, achieve compliance and promote the behaviours we expect" and that it expects them to "effect a culture change" in organisations to which they are applied.

The CBoI has the power to fine companies that breach financial regulations in Ireland and can also apply other sanctions, such as disqualifications, suspensions and prohibitions.

Late last year, a report by the Financial Policy Committee (FPC) at the Bank of England identified some areas for improvement in the way in which banks view cyber threats. Cyber security "merits board-level attention given the evolving nature of cyber threats and the key importance of cyber resilience to continuity of financial services", the report said.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.