ADGM FSRA IT risk expectations should be verified against the current FSRA rulebook and guidance for the firm's permission and activity.
Official sources
What the expectations are trying to do
Authorized firms should have control over technology supporting regulated activities. That includes systems, access, security, data, outsourced providers, incident handling, and recovery.
What teams need to do
- Identify applicable FSRA rules and guidance.
- Map systems, data, providers, access, and business processes.
- Review technology providers and outsourced IT services.
- Maintain incident, continuity, security, and audit evidence.
Evidence to maintain
- IT risk policies, system inventory, and provider map.
- Access, cyber, incident, continuity, and audit evidence.
- Contracts, monitoring, issues, and remediation.
Common gaps
- Rulebook source mapping is incomplete.
- IT providers are not tied to regulated activities.
- Incident and continuity evidence is not connected to provider records.
How Halbarad helps
Halbarad helps ADGM firms map technology providers to systems, data, controls, incidents, issues, and reporting.
Disclaimer
This guide is for general information only and is not legal advice. Review the official regulation, guidance, and supervisory materials, and consult qualified counsel or compliance advisors for your organization's specific obligations.