BMA opens consultation on new code of practice

Cyber risk: The Bermuda Monetary Authority is seeking feedback on a code of practice for digital asset cyber risk management.

The Bermuda Monetary Authority has posted for consultation its draft new Digital Asset Business Operational Cyber Risk Management Code of Practice along with revised Digital Asset Business Custody Code of Practice and Digital Asset (Cybersecurity) Rules.

It is part of the authority’s commitment to foster and encourage the prudent development of the growing DAB sector in Bermuda.

The authority said: “Cybersecurity is a key risk affecting all financial sectors regulated by the Bermuda Monetary Authority and continues to garner global attention as the number and severity of risk incidents increase.

“As such, it is also an important area of concern within the digital asset business sector.”

The BMA said: “The consultation documents intend to streamline the obligations of DABs with those of other sectors. It is, therefore, to the fullest extent possible, harmonised with the insurance and banking, trust, corporate services and Investments regulatory cyber frameworks.

“Nevertheless, in light of the heightened inherent cyber-risk pertaining to DABs, the consultation documents contain more stringent requirements in key areas, including: (i) audit trails (system logs) and audits both in the periodicity and number of controls in scope; (ii) systems/code testing, change management and incident reporting; and (iii) the addition of DAB-specific requirements (e.g., smart contracts and blockchain security).

“The consultation documents are designed to promote the stable and secure management of information technology systems of regulated entities.

“They are deliberately not exhaustive and should remain flexible so as to accommodate a wide range of business models.

“DABs are required to implement their own technology risk assessment programmes, and determine their top risks and decide the appropriate risk response. DABs must be able to evidence that there is adequate board visibility and governance of their cyber-risk.

“Failure to comply with provisions set out in the consultation documents will be an important factor taken into account by the authority in determining whether a registrant is meeting its obligation to conduct its business in a sound and prudent manner.

“The DAB industry and other interested parties are invited to submit their views on the proposals set out in the consultation documents.

“These documents may be found at: https://www.bma.bm/document-centre/discussions-consultation-papers.”

Comments should be sent to the authority digitally, via the below survey link or QR code, no later than 6 May 2022.



Published April 06, 2022 at 7:31 am (Updated April 06, 2022 at 7:32 am)
