Industry Letter on Thematic Inspection of Cybersecurity Risk Management in Asset Management Firms

Fund Service Providers

Date: 17 April 2020

The Central Bank of Ireland (Central Bank) recently undertook a Thematic Inspection of Cybersecurity Risk Management (Thematic Inspection) in Investment Firms and Fund Service Providers (Asset Management Firms). The purpose of the inspection was to determine the adequacy of cybersecurity controls and cybersecurity risk management practices of the inspected firms and to identify good practices.

The Thematic Inspection examined (i) cybersecurity risk governance, (ii) cybersecurity risk management frameworks and (iii) certain technical controls for mitigating cybersecurity risk. The on-site inspections included a point-in-time maturity assessment of key cybersecurity risk management practices in place across the selected firms.

The Central Bank published an Industry Letter on 10 March 2020 which details the key findings identified during the Thematic Inspection, with associated Central Bank expectations. The Central Bank expects Asset Management Firms to fully consider these findings and evaluate their own cybersecurity risk management practices to establish if any improvements are required.


More information:

MIFID firms / Fund Service Provider Firms