As digital asset business becomes more pervasive in all sectors of economic activity, the cyber threat to businesses and customers alike will continue to proliferate. The Bermuda Monetary Authority (the “BMA”) recognises the need for effective cybersecurity programs in all financial service sectors that it regulates, including the digital asset business sector. Digital asset businesses operating in or from within Bermuda must implement and maintain effective cybersecurity rules as per the Digital Asset Business (Cybersecurity) Rules 2018. In response to the growing implications of cybersecurity failures to customers and the reputation of the jurisdiction, the BMA has established a specific team for the supervision of licenced digital asset business’s cybersecurity programs.
Every licensed undertaking must appoint a senior executive to oversee and implement its cybersecurity program and enforce its cybersecurity policies (the “CISO”). The CISO will be required to report to the Board of Directors on a regular basis and provide an annual report. In appointing the CISO, care must be exercised to ensure the proposed individual is a “fit and proper” and an individual…