We live in an increasingly data rich society where information is more accessible and shared than ever before. However, at the same time, the need for this information to be protected from misappropriation is vital.
Advances in technology mean that organisations are increasingly dependent on information and the sharing of data to meet the needs of customers and citizens. Technologies to secure and protect this information, however, have not developed at the same pace, nor recognised the critical importance of related aspects of effective Information Security. Undoubtedly, keeping cybersecurity technology and legislation up-to-date is a challenge as criminals are always one step ahead of enforcement agencies. Nevertheless, legislation can only be properly effective if authorities are in constant consultation with the stakeholders of the relevant fintech industries so that any legislative responses are a reflection of the real threats and impacts.
Criminals and terrorists are targeting the cyber-world as a new market and, hardly a day goes by without reading about a new case of data breach or a new type of cyber-attack on local companies that suffer the repercussions. New industries and technologies, such as blockchain, are new targets for cybercrime and, hence, are among the main focus of any new cybersecurity laws and policies.
The authorities are becoming more aware of the threats of cybercrime to organisations and the impacts they have on the economy since no business is too small to be at risk of a cybersecurity attack. The Malta Financial Services Authority (MFSA) understood the potentials and risks that these new technologies have on the FinTech sector and published the Guidance Notes for consultation, which are intended to outline the best practices and risk management procedures to be followed in order to effectively mitigate cyber risks.
These Guidance Notes reflect the Authority’s approach towards effective management of risks and the understanding of risks factors directly linked to an entity’s operation in the financial services landscape.
The MFSA’s Guidance Notes are specifically addressed to Professional Investor Funds investing in Virtual Currencies; VFA Agents; Issuers and VFA Service Providers; however, as best practices, they are of interest to any entity that might be at risk of cybercrime.