Survey Answer:

FCMC Regulation No 112
To set minimum security measures for information systems of Financial and Capital Market participants such as credit institutions, credit unions, payment institutions, electronic money institutions, insurance undertakings, insurance intermediaries, private pension funds, operators of the regulated market, Central Securities Depository, investment brokerage firms, investment firms, alternative investment fund managers. Security measures include risk management, limiting risks to information systems used by Financial and Capital Market participants for their operations and provision of services to their clients.
Security standards
Market participants’ management is responsible for: defining and executing security policy and strategy of information systems, defining obligations and responsibilities for their employees, organizing control, as well as allocating adequate funds for comprehensive provision of the functions of security and audit of information systems.
In the framework of providing the security of information systems, market participants must ensure:
• issuance and update of rules for security of information systems;
• the classification of the information systems and the coordination of risk management and identification of threats;
• informing management about the compliance of the security level with the requirements and about material security incidents of the information systems;
• supervision of the security measures set forth;
• training and informing employees in the field of the security of information systems;
• participation in the restoration of the information systems and in planning their uninterrupted operation;
• audit of security of the information systems.
FCMC Regulation No 112 also includes specific duties of market participants with respect to:
• management of information systems resources;
• risk analysis and management;
• physical and environment security management;
• management of accessibility of information systems;
• management of communication and operations;
• management of online services;
• development and changes in information systems;
• management of security incidents.
Notification duties
Market participants are obliged to file with the Commission a list of information systems audits carried out in the previous year, indicating the subject, purpose and the person who performed each audit. Also, by 1 March of each year, market undertakings must file with the Commission a list of security incidents registered during the previous year.

