geevo®
geevo®
  • Home
  • About
  • Academy
  • GRC
    • Compliance
    • Governance
    • Risk Management
  • Managed Services
    • Managed Security Services
  • Security Technology
  • Publications
  • Support
  • Careers
  • Contact
  • More
    • Home
    • About
    • Academy
    • GRC
      • Compliance
      • Governance
      • Risk Management
    • Managed Services
      • Managed Security Services
    • Security Technology
    • Publications
    • Support
    • Careers
    • Contact
  • Home
  • About
  • Academy
  • GRC
    • Compliance
    • Governance
    • Risk Management
  • Managed Services
    • Managed Security Services
  • Security Technology
  • Publications
  • Support
  • Careers
  • Contact

CySEC Circular C571 and EBA Guidelines (EBA/GL/2019/04)

Circular C571 of the Cyprus Securities and Exchange Commission based on the ΕΒΑ Guidelines on Information and Communication Technology (ICT) and security risks management (EBA/GL/2019/04)


What EBA guidelines and Circular C571 are about?


The Cyprus Securities and Exchange Commission (the “CySEC”), on 2nd May 2023, issued circular C571, with regards to the Guidelines on ICT and security risk management (the ‘Guidelines’), as published on November 29, 2019 by the European Banking Authority (EBA).  


CySEC has adopted the Guidelines by incorporating them into its supervisory practices and its regulatory approach. 


The Scope


The scope of the Guidelines is to address ICT and security risks that have increased in recent years, due to the increasing digitalisation of the financial sector and the growing interconnectedness through telecommunications channels (internet, mobile and wireless lines, and wide area networks) and with other financial institutions and third parties. 


While the Guidelines recognise that cybersecurity should be part of a financial institution information security risk management, as a whole, the Guidelines in particular address the risk management actions that financial institutions must take to manage their ICT and security risks for all activities.


Circular C571 and its applicability


CySEC has adopted the Guidelines, which apply to CIF's that fall under sections 9(1), (3) and (4) of the Prudential Supervision of Investment Firms Law of 2021, i.e. with initial capital requirement of €150.000 and €750.000.


CIF’s compliance deadline?


The CIF's are required to take the necessary actions to ensure compliance with the Guidelines the soonest possible, and not later than 31.12.2023. 


Relevant internal audit reports should be submitted to the Board of Directors by 30.06.2024 and should be available for submission to CySEC upon request.


What needs to be done?


- CIF's should determine their governance and internal control framework for their ICT and security risks and establish measures to manage and mitigate their ICT and security risks.

- CIF's should review and provide objective assurance of the compliance of all ICT and security related activities and units of the CIF with its policies and procedures.

- CIF's should approve the audit plan, including any ICT audits and any material modifications thereto, by 31.12.2023. 


How can we help you comply?


  • Initial Gap analysis / IT audit;
  • Information Security Management System (ISMS) - Risk Framework;
  • Chief Information Security Officer (CISO) - vCISO appointment;
  • Digital identity management;
  • Information security reviews, assessment and testing;
  • Information security training and awareness;
  • Business Continuity Management System (BCMS).

Copyright © 2017 - 2024 geevo®, member of CPbros Group - All Rights Reserved.

Powered by geevo®

  • Support
  • Privacy Statement
  • Terms and Conditions

Incident Response

Incident Response and Digital Forensics

Instant support

Cookie Policy

This website uses cookies. By continuing to use this site, you accept our use of cookies.

DeclineAccept & Close