This Central Bank of Bahrain (CBB) regulation outlines requirements for cyber security risk management for investment firms. It mandates a robust framework to manage cyber security risks and vulnerabilities, including a cyber security strategy, policy, and risk management approach. The regulation aims to ensure the protection of financial institutions and their customers from cyber threats.
Key requirements
- Investment firms must establish a robust cyber security risk management framework.
- The Board must approve the cyber security policy and establish clear accountability for cyber risks.
- The cyber security risk management framework must be developed in accordance with the NIST Cybersecurity Framework.
- Boards must receive comprehensive reports on cyber security issues at every Board meeting.
- The Board must evaluate and approve the cyber security risk management framework every three years.
Applies to: Category 1 and Category 2 investment firm licensees, and Category 3 investment firm licensees providing digital financial advice