6 February 2023Analysis

BMA Cyber Risk Code deadline upcoming

Legal firm Conyers has issued a reminder to the market that the Bermuda Monetary Authority (BMA) has laid down that all relevant legal institutions must be in compliance with the Cyber Risk Code by 15 February 2023.

The BMA published the revised Operational Cyber Risk Management Code of Conduct for corporate service providers, trust companies, money services businesses, investment businesses and fund administration providers, banks and deposit companies on 26 September 2022.

The Cyber Risk Code requires the board of directors and senior management team to have oversight of cyber risks, and for the board to approve, at least annually, a cyber risk policy.

Each relevant legal institution is also required to appoint a chief information security officer to oversee and implement its cyber risk programme and enforce the cyber risk policies.