LIC FMA ICT Security Guidelines


On Jun. 2, LIC FMA issued ICT security and implementation guidelines.


  • LIC FMA issued guideline 2021/3 on monitoring of risks linked to use of information and communication technology (ICT risks), to strengthen financial sector security.
  • Guidelines also defined requirements intermediaries must meet dealing with ICT risks.
  • LIC FMA also published guidelines 2021/17, which described the possibility of a graduated implementation of the ICT security directive under certain conditions.
  • ICT Risks
  • Include ICT security incidents such as data leaks or system failures, which can result from internal errors, as well as from external events such as cyber attacks.
  • More networking raises vulnerability of financial service providers' ICT infrastructures.
  • Guidelines aimed to minimize risk of ICT security incidents, show how to counter risks.
  • Set out, among other things, requirements for information security risk management, ICT strategy and governance of intermediaries, and associated structures, processes.
  • Requirements based on entity's risk structure, complexity, size, scope and type.
  • Effectiveness
  • The ICT directive ensures financial center stability, security, protection of customers.
  • The guideline is in force on Jan. 1, 2022.
  • Jan. 7, 2025 Updates
  • On Jan. 7, 2025, LIC FMA issued ICT Security Directive 2021/3, with scope amended in Dec. 2024 by supervisory board resolution, following preliminary implementation of the Digital Operational Resilience Act (DORA), which is effective from Feb. 1, 2025.
  • Adjusted to only apply to financial intermediaries that do not fall within scope of DORA.
  • Definitions/terms align to DORA; in response to intermediary questions, clarifications have been incorporated; takes into account DORA simplifications compared to 2021/3.
  • Main content changes: minimum requirements for creating register of contractual agreements (formerly register of outsourcing agreements); reporting ICT incidents.
  • The changes come into force on Feb. 1, 2025.

Regulators LIC FMA
Entity Types B/D; Bank; Corp; HF; IA; IB; Ins; Inv Co; MSB; Pension
Reference PR, Gd, 2021/3, 1/7/2025; Gd 2021/3, 2021/17, PR 6/2/2021; DORA Dir 2022/2556, Reg 2022/2554
Functions BCS; Compliance; Cyber; Financial; Legal; Outsourcing; Privacy; Risk; Technology
Countries Liechtenstein
Category
State
Products Banking; Corporate; Fund Mgt; Hedge Funds; Insurance; Mutual Funds; Payments; Pensions
Regions EMEA
Rule Type Final
Rule Date 6/2/2021
Effective Date 2/1/2025
Rule Id 107326
Linked to N/A
Reg. Last Update 1/7/2025
Report Section EU

Last substantive update on 01/09/2025