GFSC cyber security rules and guidance published

Published: 16 February 2021

UPDATE (16 February 2021)
The Guernsey Financial Services Commission (GFSC) has updated its cyber security rules and guidance. Highlighting the fact that there is no ‘one size fits all’ approach when dealing with cyber risks, it offers practical guidance and information for licenced institutions.

Reference to the risks around information security and data privacy illustrate the increasing areas of common ground for regulators and the regulated. Whilst the legal framework and strategic aims of the GFSC differ in many ways from those of the ODPA, there are also key areas of mutual concern and interest.

As is increasingly the case in all sectors, data must now be recognised and treated as a key asset; worth looking after because it has value and also because it protects individuals from harm.

UPDATE (2 November 2020)
The ODPA has today responded to the GFSC consultation on cyber security issues and vulnerabilities.

The consultation highlights the importance of understanding and responding to technology risks, including data privacy, for the regulated community. It also illustrates the need to take an organisation-wide approach covering software, system updates, staff training and policies, all of which are vital in ensuring preparedness and mitigating risk.

Where organisations suffer a cyber incident, they may need to notify both the GFSC and the ODPA and we are keen to ensure our local business community is supported in delivering on their obligations. It is our hope that our two regulatory offices can continue to work effectively together to ensure as much clarity and assistance is provided where these reporting requirements apply.

All organisations need to engage with this issue and consider it a priority and we welcome the opportunity to comment and highlight this critical area of all business activity.