Regulated entities will have to create a separate Information Security Group and appoint a Chief Information Security Officer.
The Philippine SEC (Securities and Exchange Commission) has drafted new rules for regulated entities on establishing and maintaining a cybersecurity framework.
The rules have been issued in recognition that cybercrime is currently the “fastest rising economic crime” and a key agenda item of the national government.
All securities and derivatives market participants shall be required to comply with the new rules, including trading venues, broker-dealers, assets managers, transfer agents and self-regulatory organisations.
The rules include the identification of critical assets, information and systems, the adoption of organisational or technical measures to protect information systems, and the formulation of a response plan and recovery plan in the event of cybersecurity breaches.
Under the proposed rules, regulated entities must create a management group called the Information Security Group (InfoSec Group), separate from its existing Information Technology Group. A Chief Information Security Officer (CISO) shall be appointed to oversee…
