Banking Regulation 2025

MAURITIUS Law and Practice Contributed by: Valerie Bisasur, Jean-Vincent Dacruz and Shane Mungur, BLC Robert & Associates

Detection Capabilities Financial institutions are expected to implement advanced monitoring and detection capabilities to identify cyber incidents as early as possible. Continuous network monitoring and anomaly detection help to identify unusual behaviour that could indicate a cyber threat. Financial institutions should employ automated systems, such as Security Information and Event Management (SIEM) systems and real-time log - ging of network activities to detect potential inci - dents promptly. Incident Response and Recovery The Guideline mandates that financial institu - tions establish robust cyber incident response and recovery plans to minimise the impact of cyber incidents and resume operations quickly. The incident response plan should: • outline procedures for identifying, containing, mitigating and recovering from cyber inci - dents; and • be regularly tested, including through simula - tion exercises. Similarly, financial institutions should develop and test business continuity and disaster recov - ery plans specifically tailored to address cyber incidents. Testing The Guideline emphasises the importance of regular testing of cyber-resilience capabilities. This includes penetration testing, vulnerability assessments and scenario-based testing exer - cises that simulate cyber threats and measure the institution’s response.

This assessment includes creating and maintain - ing an inventory of ICT assets that, if compro - mised, could affect the entity’s ability to deliver critical services. The assessment should also include the maintenance of an inventory of third- party service providers that have access to the information assets of the financial institution together with their critical rating. Risk and Threat Intelligence Capabilities Financial institutions are expected to develop and maintain comprehensive threat intelligence and risk assessment capabilities, enabling them to stay informed about potential cyber threats and vulnerabilities. Regular risk assessments help identify and address potential weaknesses, with a focus on new and emerging threats. Financial institutions are required to engage in threat intelligence-sharing with the BoM. Protection of Systems and Data The Guideline mandates controls to protect critical assets and sensitive information from unauthorised access, disruption or destruction. It emphasises that entities should implement protective measures to ensure the confidential - ity, integrity and availability of critical systems and data. This includes strong access controls, encryption standards and secure coding practices. Financial institutions should secure their sys - tems against cyber threats through firewalls, antivirus software, intrusion detection/preven - tion systems and regular updates to protect against vulnerabilities.

368 CHAMBERS.COM

Powered by