As players in a globalised and technologically-driven financial services industry, asset management companies face cyber-security risks on a daily basis. Cyber-attacks aim mainly at obtaining, or restricting access to, sensitive data, related to clients and/or to portfolio construction and composition, trading and risk management, among other asset management functions.
The asset management industry is heavily reliant on information and communication technology (ICT). This trend is only set to intensify, on the back of fresh digital-technology challenges, including improvement of data availability, digitalization of assets, new processes in custody and settlement.
Against this backdrop, EFAMA has become increasingly more active on the topics of operational resilience and cybersecurity, supporting the European Commission’s intent to develop a harmonised framework for ICT risks and operational resilience. Principles and risk-based requirements should enable firms to implement controls that are future-proof, flexible, proportionate, and commensurate to the risks. On this basis, EFAMA is engaging with policy makers negotiating the Digital Operational Resilience Act (DORA) and contributing to cyber-prevention also jointly with other trade associations.