MFSA Publishes Latest Insights on ICT and Cybersecurity Supervision
SEPTEMBER 03, 2024

With the increasing reliance on digital processes, tools, and the economy itself, the financial services sector faces heightened exposure to operational risks, particularly Information and Communication Technology (ICT) risks. The latest volume of the Malta Financial Services Authority (MFSA)’s publication, “The Nature and Art of Supervision”, offers a detailed and updated account of the work carried out by the Authority’s Supervisory ICT Risk and Cybersecurity (SIRC) Function. This edition provides an in-depth look at how the MFSA is adapting to key regulatory developments, such as the Digital Operational Resilience Act (DORA), and highlights its ongoing commitment to enhancing digital operational resilience and cyber-maturity within Malta’s financial sector.

The publication elaborates on several supervisory efforts made by the SIRC Function, including support for authorisations, ongoing supervision, incident reporting, management of ICT third-party risk, and threat-led penetration testing. It also offers insights into the SIRC Function’s common findings related to ICT and Cybersecurity, making it an essential read for all interested parties and Authorised Persons.

Mr Alan Decelis, Head of the SIRC Function, commented, “The Authority remains committed to emerging supervisory areas and priorities, such as ICT and digital operational resilience. The publication provides exclusive insights into the Authority’s approach to ICT and Cybersecurity supervision within the context of outcome-based supervision throughout the supervisory lifecycle of Authorised Persons – it is definitely a recommended read. I am indeed very proud of how the SIRC Function has evolved since its establishment in early 2020. We have made significant progress in key areas and have contributed substantially to national digital operational resilience in the sector.”

The MFSA established the SIRC Function in early 2020 to specifically address emerging ICT risks and contribute to the sector’s overall resilience. Since its inception, the SIRC Function has significantly matured, with the publication outlining its progress in key supervisory areas such as authorisations, ongoing supervision, incident reporting, and the management of ICT third-party risks. The SIRC Function is committed to an outcome-based supervisory approach, using various tools to ensure Authorised Persons’ progress against key supervisory priorities, including DORA preparedness, strong risk management and compliance functions, effective incident management processes, and satisfactory status of ICT third-party providers.

As the MFSA continues to streamline its processes and bolster the sector’s resilience, this publication serves as a crucial resource for all those involved in Malta’s financial services landscape.