Digital Asset Business (Cybersecurity) Rules 2018

Every 'licensed undertaking' in Bermuda shall file annually a written report (prepared by its Chief Information Security Officer) assessing the availability, functionality and integrity of its electronic systems which shall include identifying associated risks arising from a digital asset business and a cybersecurity policy that is in place which addresses identified inadequacies, including a detailed response plan.

An  audit is required annually and includes, at least quarterly, penetration testing and vulnerability assessment. An audit trail system must be in place:

  • maintaining and protecting the integrity of an audit trail so that complete and accurate reconstruction of all financial transactions and accounting can occur; 
  • protecting the integrity of data stored (ensuring hardware and software are free from alteration and tampering), maintaining system logging (including access and events records)

Document Details

Document Type: 
Document Topic: 
Doument Author (Entity): 
Authoring Country: 
Originating Country or Trade Block: 
Issue Status: 
Year of Document: 
Date of Document: 
Friday, September 7, 2018
Document Authors: 
Bermuda Monetary Authority
Language (This Document): 

Legal Disclaimer: The content appearing on this site is for general information purposes only and made available on an "AS-IS" basis. The law is subject to change and no representation or warranty is made with regard to accuracy or fitness for a particular purpose.