BMA Operational Cyber Risk Management Code of Conduct 2022

The Bermuda Monetary Authority (‘BMA’) published its Operational Cyber Risk Management Code of Conduct (‘Code’) for CSPs, Trust Companies, Money Service Businesses, Investment Businesses, and Fund Administration Providers (Relevant Licensed Entities or ‘RLE’) on 15 March 2022 and RLE are required to comply by 15 February 2023.

The goals of the Code are to ensure that RLE establishes a robust cybersecurity program and comply with related requirements. The Code prescribes specific requirements to ensure appropriate cybersecurity programs are in place. RLE should implement the Code in proportion to their cyber risk profile (nature, scale, and complexity of their business), following an appropriate assessment of their cyber risks. Each entity is required to assess its particular risk profile and design a program that robustly addresses such risks.