The Latest Cyber Code of Conduct Amendments

Bermuda Monetary Authority announces new amendments to its Cyber Code of Conduct

The Bermuda Monetary Authority has made some important amendments to its Operational Cyber Risk Management Code of Conduct (Cyber Code of Conduct) in recent months, and it’s important that all relevant organisations understand their requirements and become compliant before their respective deadlines.

So, what is cybersecurity?

Cybersecurity is the practice of protecting your computers, laptops, servers, smartphones, other electronic devices, network, software, and system data from malicious attacks and cyber threats. The confidentiality, integrity and availability of information are crucial to the daily operation and continuity of any business, and cyber risks can cause significant financial losses and/or reputational damage for companies, their stakeholders and clients.

What is the Cyber Code of Conduct?

The Cyber Code of Conduct took effect as of 1 January 2021 and was developed to provide cybersecurity resilience within the local insurance industry in Bermuda. Overseen by the Office of the Privacy Commissioner and the Bermuda Monetary Authority (BMA), the Cyber Code of Conduct applies to all Bermuda-registered Insurers, Insurance Managers, and Intermediaries (Agents, Brokers, Insurance Market Place Providers).

Following this, in March 2022, the Code was published and came into force for corporate service providers, trust companies, money service businesses, investment businesses and fund administration providers. These Relevant Licensed Entities (RLEs) are required to become compliant by 15 February 2023.

What’s the latest update?

Following recent amendments to the Act, the BMA advised stakeholders that the Code came into force on 26 September 2022 for banks and deposit companies, with these RLEs (i.e., banks and deposit companies) being required to comply by 15 February 2023.

My business needs to comply – where do I start?

As a leading IT consultancy in Bermuda, Gnosis is highly experienced in safeguarding businesses and their clients from cyber-crime and ensuring compliance with the latest cybersecurity regulations.  

Our Virtual Chief Information Security Officer (vCISO) team approach includes a National Institute of Standards and Technology (NIST)-based, organization-wide cybersecurity maturity assessment to ensure we fully understand your business' strengths, weaknesses, and greatest areas of cyber risk and can navigate them effectively.

Get in touch to find out more about our vCISO service or speak to our expert team about cybersecurity today.
