Funds and asset management regulatory news, November 2020

Hogan Lovells

Hogan Lovells

Our latest Funds and asset management regulatory news compliments our General regulatory news of regulatory developments with broader application.


  • COVID-19: EFAMA updates cyber-prevention standards for investment management companies

COVID-19: EFAMA updates cyber-prevention standards for investment management companies

The European Fund and Asset Management Association (EFAMA) has published a document updating the International Investment Funds Association's (IIFA) Cybersecurity Program Basics document, which was first published in October 2019.

The original document set out key cyber-prevention standards for investment management companies and is intended to help to define commonly shared principles that firms should apply to minimise the likelihood of cyber incidents. These principles cover the need to establish an overarching cybersecurity framework, conduct cyber-risk awareness trainings with company staff, have an incident response plan, conduct tabletop exercises to test response plans, establish and monitor normal network activity, and participate in trusted information sharing networks.

The new document updates the core principles in the context of COVID-19. It takes the form of best practices relating to business continuity planning, information technology controls, inventory and control of software and hardware, the principle of least privilege, work from home considerations and secure configuration.

Both documents include useful links to publicly available resources that firms can refer to when setting up these measures.

EFAMA believes that the documents particularly will be of added value to small-sized investment management companies lacking the resources needed to fully meet the more demanding international standards (including those of the Committee on Payments and Market Infrastructures (CPMI) and the International Organization of Securities Commissions (IOSCO)).

EFAMA also announces that it is setting up a dedicated working group on cyber resilience to allow it to engage actively in future policy discussions, including the European Commission's recent legislative proposal on digital operational resilience.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Hogan Lovells | Attorney Advertising

Written by:

Hogan Lovells

Hogan Lovells on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.