The Bermuda Monetary Authority published the revised Operational Cyber Risk Management Code of Conduct (the "Cyber Risk Code") for corporate service providers, trust companies, money services businesses, investment businesses, fund administration providers, banks and deposit companies (together, the "Relevant Legal Institutions") on 26 September 2022. All Relevant Legal Institutions must be in compliance with the Cyber Risk Code by 15 February 2023.
The Cyber Risk Code requires the board of directors and senior management team to have oversight of cyber risks, and for the board to approve, at least annually, a cyber risk policy. Each Relevant Legal Institution is also required to appoint a Chief Information Security Officer to oversee and implement its cyber risk programme and enforce the cyber risk policies.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
