The Financial Services Regulatory Authority (FSRA) of the Abu Dhabi Global Market (ADGM) has released its Information Technology (IT) Risk Management Guidance (Guidance), offering a thorough and integrated framework for addressing technology risks within ADGM’s financial services sector.
This Guidance is the result of extensive collaboration with industry stakeholders, following the release of the FSRA’s Discussion Paper on IT Risk Management and an industry briefing conducted in February 2024. The FSRA received encouraging feedback from participants during this engagement, highlighting the relevance and importance of the Guidance.
Key sections of the Guidance
The Guidance is organized into four primary sections that outline best practices for IT risk management that FSRA-regulated entities should consider implementing:
- Fostering a Culture of Effective IT Risk Management – This section discusses governance and control measures for IT risk, including incident management, auditing, and oversight of third-party IT service providers.
- Managing an IT Environment – This part focuses on IT asset management, infrastructure, systems lifecycle, resilience, and responses to cyber incidents.
- Ensuring Secure Interactions – Here, the emphasis is on access control for systems, management of cryptographic keys, and secure online transactions.
- Utilizing Business Embedded Technologies – This section delves into emerging technologies, such as algorithm-driven solutions like generative artificial intelligence and decentralized infrastructures, including virtual asset platforms.
Read more: World Bank partners with ADGM Academy to boost financial literacy, economic knowledge
Alignment with best practices
The Guidance aligns with the best practices set forth by international standard-setting organizations and financial regulators. The FSRA anticipates that regulated entities will adopt these best practices in a way that is commensurate with their size, complexity, and business operations.
Importance of IT risk management
Emmanuel Givanakis, CEO of the ADGM FSRA, noted that as technology continues to reshape financial services, robust IT risk management is becoming increasingly essential. Also, he emphasized that this Guidance reinforces their supervisory emphasis on IT risk and cybersecurity while fostering innovation in digital finance. He stated that it provides actionable insights for senior executives, compliance officers, and IT professionals aiming to enhance their risk management frameworks. He highlighted that this initiative underscores their dedication to establishing a resilient and forward-looking international financial center in Abu Dhabi.
Recent regulatory actions
In February 2024, the FSRA imposed fines totaling AED170,000 on six financial institutions for violations of the Common Reporting Standard Regulations 2017 (the Regulations).
CRS implementation in the UAE
The Common Reporting Standard (CRS) governs the collection and global exchange of financial account and tax-related information among international regulatory bodies. It further outlines the financial information that must be gathered and reported by designated financial institutions, along with the due diligence processes required.
Moreover, developed by the Organisation for Economic Co-operation and Development (OECD), the CRS was instituted in the UAE in 2017.
FSRA’s enforcement actions
The FSRA’s actions address specific failures (where applicable) to:
- Follow necessary due diligence procedures mandated by the Regulations;
- Maintain records of due diligence activities;
- Report required information accurately and comprehensively
- Submit the necessary annual information return.
Commitment to international standards
Givanakis further remarked that ADGM is dedicated to adhering to international standards. He stated that the FSRA actively supports the UAE’s commitment to exchanging international tax information as part of a broader national initiative to enhance financial transparency. Additionally, he noted that they achieve this by upholding a robust supervisory framework and enforcement regime. Also, he emphasized that compliance with CRS requirements is a top priority for the FSRA, aligning with their goal of promoting and safeguarding the integrity of the ADGM financial system. Moreover, he expressed their resolute commitment to taking regulatory action against practices designed to evade tax reporting obligations.
