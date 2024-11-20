Abu Dhabi, UAE: The Financial Services Regulatory Authority (FSRA) of ADGM has published its Information Technology (IT) Risk Management Guidance (Guidance), providing a comprehensive and holistic framework for managing technology risks in ADGM's financial sector.

The Guidance reflects extensive industry engagement, following the publication of the FSRA’s Discussion Paper on IT Risk Management and an industry briefing held in February 2024. During this engagement, the FSRA received positive feedback from stakeholders on the Guidance

The Guidance comprises four key sections that identify best practices for IT risk management that entities regulated by the FSRA should consider adopting:

Establishing a Culture of Effective IT Risk Management – covers governance and controls for IT risk, including incident management, audits, and management of IT third party service providers.

– covers governance and controls for IT risk, including incident management, audits, and management of IT third party service providers. Managing an IT Environment – addresses IT asset management, IT infrastructure, systems lifecycle, resilience, and cyber incident response.

– addresses IT asset management, IT infrastructure, systems lifecycle, resilience, and cyber incident response. Interacting Securely – focuses on system access controls, cryptographic key management, and secure online transactions.

– focuses on system access controls, cryptographic key management, and secure online transactions. Leveraging Business Embedded Technologies – explores emerging technologies including algorithm-driven solutions like generative artificial intelligence, and decentralised infrastructure solutions such as virtual asset platforms.

The Guidance is aligned with best practices outlined by international standard-setting bodies and financial regulators. The FSRA expects regulated entities will implement the best practices in a manner that is proportionate to their size, complexity, and business activities.

Emmanuel Givanakis, CEO of the ADGM FSRA said: “As technology continues to transform financial services, robust IT risk management becomes increasingly critical. This Guidance reinforces our supervisory focus on IT risk and cybersecurity while supporting innovation in digital finance. It provides practical direction for senior executives, compliance officers, and IT practitioners to strengthen their risk management frameworks. This initiative reflects our commitment to building a resilient and progressive international financial centre in Abu Dhabi.”

The Guidance can be found here.