Issue link: https://maltatoday.uberflip.com/i/1132126
20.06.19 15 FINANCIAL SERVICES FOLLOWING the publication of the MFSA Guidance Notes on Cybersecurity – Consulta- tion Document, the MFSA has finalised its Guidance Notes on Cybersecurity as a minimum set of best practices and risk management procedures to be followed in order to effectively mitigate cyber risks. e key points identified by respondents were as follows: Positive Feedback e proposed Guidance Notes on Cybersecurity was positively received, with re- spondents noting that the doc- ument is very thorough and gives a very good overview of all cybersecurity practices. Ongoing monitoring Overall feedback indicates that proactive monitoring ought to be more emphasised as it is a pivotal element re- quired to ensure that systems and networks are safeguarded in real-time through intru- sion detection measures which prompt alerts of any cyber threats. Data Loss Prevention framework Respondents emphasised that a Data Loss Prevention framework would be benefi- cial in tracking any movement of confidential data through and out of the organisation in order to detect and flag any unauthorised disclosure of such data. Preventing critical lock out scenarios Respondents emphasised on the effectiveness of a privileged access management policy in order to mitigate against criti- cal lock out scenarios. e Authority has welcomed the feedback received and sub- sequently amended the Guid- ance Notes on Cybersecurity to incorporate the above men- tioned key points identified by respondents. THE Malta Financial Services Authority ('MFSA') and the Financial Intelligence Analysis Unit ('FIAU') on Tuesday pub- lished a Guidance Document for Credit Institutions, Payment Institutions and Electronic Money Institutions opening accounts for FinTechs. is will support innovation within this emergent sector, while at the same time safeguarding the integrity of the fi- nancial market. e Guidance Document, being pub- lished following a joint public consulta- tion originally issued on the 27 March 2019, is intended to assist such institu- tions to acquire a better understanding of the risks of any prospective custom- ers, active in technology reliant areas, prior to servicing them. is Guidance Document is not in- tended to be binding and neither does it provide any derogation from any obli- gations that a subject person has to ful- fil in terms of the Prevention of Money Laundering and Funding of Terrorism Regulations ('PMLFTR') but rather seeks to provide additional assistance as to how adherence thereto can be achieved when a prospective customer carries out particular activities. In this respect it is crucial that the guidance document is read together with the Implementing Procedures and any other relevant guidance document issued by the FIAU, as well as within the more general context provided by the PMLFTR. e Authorities encourage affected institutions to take this docu- ment into consideration when formu- lating their risk assessment measures, controls, policies and procedures. Christopher P. Buttigieg, Chief Of- ficer Strategy, Policy and Innovation, noted that: "e MFSA is well aware of the need to strike a delicate balance in this area. We cannot attract new business in financial technology if such companies do not find the required banking services. At the same time, we understand that banks operate on risk- based priorities and need to follow strict regulatory standards. Whilst it is not our role to set banks' risk appetite, we can facilitate business as much as possible by clarifying our expectations to all operators in these emergent sec- tors". FIAU and MFSA publish joint guidance document for institutions opening accounts for FinTechs MFSA publishes guidance notes on cybersecurity after consultation with key stakeholders