Cayman Islands regulated entities should have cybersecurity policies and procedures

All Cayman Islands regulated entities, including those that are licenced or registered under the Cayman Islands’ Securities Investment Business Act, are reminded that they should establish, implement, and maintain a documented cybersecurity framework that is designed to promptly identify, measure, assess, report, monitor and control or minimise cybersecurity risks as well as responding to and recovering from cybersecurity breaches that could have a material impact on their regulated business.

The cybersecurity framework should be consolidated into a set of policies and procedures which should be kept under periodic review by compliance and information technology personnel to ensure that the licensee or registered person complies with the relevant rules on cybersecurity and statement of guidance issued by the Cayman Islands Monetary Authority.

The requirement to have cybersecurity policies and procedures does not apply to regulated Cayman Islands mutual funds or registered private funds.

Copies of the CIMA Rule can be found here and the CIMA Statement of Guidance here.