EFAMA updates its key cyber-prevention standards for investment management companies

The European Fund and Asset Management Association (EFAMA), supported by investment fund associations from around the world, has updated its key cyber-prevention standards for investment management companies. This forms part of a global initiative led by the International Investment Association (IIFA).

The update, published on 28 October 2020, is published exactly one year to the day since the original principles were issued. 

The six original recommended principles that firms should apply to minimize the likelihood of cyber incidents were:

• Establish an overarching cyber-security framework,
• Conduct cyber-risk awareness training with company staff,
• Have an incident response plan,
• Conduct tabletop exercises to “test" such response plans,
• Establish and monitor normal network activity, and
• Participate in trusted information sharing networks.

The updates are in the form of best practice on:

• Business Continuity Planning,
• Information Technology Controls,
• Inventory and Control of Software & Hardware,
• Principle of Least Privilege,
• Work From Home Considerations, and
• Secure Configuration

Gibraltar's DLT regulation already encourages such best practices so these updates will not be completely new or surprising to practitioners working in financial services in Gibraltar.

The full update can be found here: https://cdn.ymaws.com/iifa.ca/resource/collection/7E6F564B-BA71-4A64-9B05-71FC7434D7F8/IIFA_Additional_Cybersecurity_Program_Basics__October_2020_.pdf