ADGM Academy Jurisdiction Al Reem Expansion Authorities Initiatives ADGM Academy Dispute Resolution
A platform that offers limitless opportunities and paves the way for a brighter future

Abu Dhabi boasts first-class infrastructure and unparalleled global connectivity, making it a premier international destination. Its exceptional qualities make it an ideal location to live, work, and conduct business.

Read about Abu Dhabi's life style
Latest Initiatives ADGM Announces Incentive Initiative for Existing Al Reem Island Businesses Transitioning to ADGM ADGM Marks Its Presence on Al Reem by Hosting its First Community Event on the Island
Overview Business Areas Setting up Operating in Public Registers Legal Framework
Providing an environment that empowers the future

A financial centre that provides transparency, efficiency, and integrity, through its progressive frameworks, future focused infrastructure, all within a familiar independent legal jurisdiction – ADGM is the perfect platform for success.

Find out how to set up in ADGM
Latest News ADQ Announced as the Headline Partner for Abu Dhabi Finance Week SIAC Signs Memorandum of Understanding with ADGM
Regulation Awareness Collaboration Ecosystem ADGM Sustainable
Preserve our economies and environment for future generations

ADGM, the centre for a transparent and thriving sustainable finance ecosystem.

More about our Sustainability vision
Highlights Abu Dhabi Sustainable Finance Forum’s COP28 Edition Deep-Dives into Nuances of “Building Green Financial Centres of the Future” ADGM, the Region's Leading Climate Finance Hub, Announces its Role as Principal Partner at COP28
Media News Events Spotlight Podcasts Publications
Stay up-to-date with our wide range of available resources

Our community of business professionals, entrepreneurs, and investors can depend on ADGM to provide timely news and reliable insights.

Read our latest news articles
Upcoming Events RESOLVE 2024
Support Make an enquiry Whistleblowing FAQs
We are here to help

At ADGM, we offer various support options, including contact details, FAQs, enquiry forms, and a whistleblowing form.

View available support options
Some of our FAQ topics
  • Getting started
  • Foundations regime
  • Resolution for incorporation
  • Existing auditors
  • New auditors
  • ACCESSADGM
  • Operating in ADGM

    Cybercrime Prevention

    Operating in ADGM Financial & Cyber Crime Prevention Cybercrime Prevention
    Building a robust and effective cybercrime prevention regulatory framework

    The increased reliance on technology has exposed financial institutions to new digital vulnerabilities for financial crime purposes, (e.g. data breaches, hacks, misuse of customer information and identities etc).

    Considering the evolving cyber threat landscape with the digital transformation, it is the responsibility of all stakeholders to be able to recognize the threat before it becomes an emergency and defeat sophisticated cyber techniques through proactive regulatory compliance, advanced protection strategies against threats, as well as scalability. This will help ADGM’s ecosystem to avoid financial, reputational, operational and regulatory risks.

    A key priority for the FSRA is to ensure firms of all sizes have in place an effective cybercrime prevention programme.

    FSRA’s Relevant Persons are required to establish and maintain an effective and robust cybercrime prevention programme to prevent opportunities for financial crime on an ongoing basis and to ensure that control measures are appropriate and proportionate considering any vulnerabilities relating to the use of new or developing technologies.

    Federal Decree Law No. 34 of 2021 on Combatting Rumors and Cybercrimes which took effect on January 2022 establishes a comprehensive legal framework to address the concerns relating to the misuse and abuse of online technologies.

    Federal Decree-Law No. (34) of 2021 On Countering Rumours and Cybercrimes English
    Federal Decree-Law No. (34) of 2021 On Countering Rumours and Cybercrimes Arabic

    The English translated versions of the UAE Federal Laws and Regulations should not be relied upon to interpret or referred to in the event of a legal dispute. The Arabic documents are the original and official source of reference.

    FSRA - FCCP - Notice No. 84 of 2024 - Cyber Security Council Alerts - Indicators of Compromise (IoC’s)
    FSRA - FCCP - Notice No. 15 of 2024 - Cyber Security Council Alerts

    The FSRA Governance Principles and Practices to Mitigate Cyber Threats and Crime provide guidelines to firms with practical illustrations on how the principles should be interpreted without divulging into technical specificities, noting that there are varying levels of sophistication and reliance on technology.

    The FSRA is mindful that the inherent cybercrime vulnerabilities and adopted cybersecurity measures may vary by firm due to different levels of sophistication and variance in reliance on technology. Firms are therefore required to tailor their cybercrime prevention programme by following a risk-based assessment methodology to identify the cyber threats their businesses are exposed to. This approach will help firms develop a structured and thought through strategy to combat cybercrime by effectively allocating resources, defining clear responsibilities, and implementing risk-based controls tailored to their inherent cyber risks. These strategies will also need to outline how they intend to prepare for, respond and recover from cyber-attacks should they occur.

    As a foundation, the FSRA expects firms to implement a framework that covers the following eight guiding principles. Hence, these principles will provide firms with supplementary guidelines that should be leveraged in conjunction with firms’ existing risk management practices. The following is a summary of the FSRA Governance Principles and Practices to Mitigate Cyber Threats and Crime.

    Principle 1: Cybersecurity Governance and Risk Management Framework

    Firms should have in place a robust system of cybersecurity governance with clearly defined roles and responsibilities where cyber risk is managed through a risk management framework set at the top comprising a series of well documented and understood policies, procedures and processes that define how the firms’ information assets are managed and protected.

    Principle 2: Cyber Risk Assessment

    Firms should know what information assets they have, including the locations of where their sensitive data is stored, as well as the inherent vulnerabilities and threats they are exposed to. Firms therefore needs to take stock of their information assets and perform periodic cyber risk assessments.

    Principle 3: Management of Cyber risks associated with Third Party Service Providers

    Firms should evaluate all relevant cybersecurity risks that may stem from placing reliance on third party service providers who manage or store confidential customer and/or financial information. Firms should adopt a risk-based approach prior to and during the lifecycle of their engagement with third party service providers.

    Principle 4: Incident response planning

    Firms are expected to plan their responses to cyber incidents in advance by developing an incident response plan that outlines how firms will respond to an unplanned disruption to services brought about by a cyber security event by limiting disruption and potential damage. There should be a clear set of instructions with defined roles and responsibilities and criteria to escalate to senior management. In essence, the plan should detail how the firm will prepare for, respond to and recover from a cybersecurity incident.

    Principle 5: Cybersecurity awareness and training

    Firms should aim to create an appropriate level or cybersecurity awareness amongst their employees. Employees are the major sources of cybersecurity risk. These risks can often take the form of social engineering tactics. In such scenarios, even the best technical controls can be undermined. Conversely, employees can also be one of the firms’ most effective resources in preventing incidents or detecting when an incident has occurred. Cybersecurity awareness and training is thus an essential component to a robust cybersecurity risk management framework.

    Principle 6: Protective controls

    Firms are expected to demonstrate that they have adopted suitable protective controls that are commensurate with their identified risk, complexity and size of the firms’ operations encompassing identity and access management, system architecture and configuration as well as vulnerability management.

    Principle 7: Detection systems and processes

    Firms should create and implement a robust detection system with the aim of identifying vulnerabilities and threats and ensuring the necessary countermeasures are adopted before they can be exploited. In doing so, firms, should define and differentiate between ‘normal’ and/or ‘expected’ activity, as well as suspicious activities. The detection and identification processes should be used to improve the firms’ response capabilities.

    Principle 8: Collaboration and cyber threat intelligence

    Information sharing is an effective way for firms to improve their understanding of the threats, tactics and procedures (TTP’s) of criminal actors. Firms should therefore consider participating in information sharing arrangements with other financial institutions, security and law enforcement agencies. Additionally, firms should consider participating in industry forums that provide an opportunity for intelligence sharing.

    FSRA-FCPU No. 15 of 2020 - Governance Principles and Practices to Mitigate Cyber Threats and Crime

    The FSRA has signed in May 2024 a Memorandum of Understanding (MoU) with the UAE Cyber Security Council to strengthen collaboration between both parties on cybercrime prevention.

    The FSRA is committed to prioritise cybercrime prevention initiatives and promote a safe and secure ecosystem. In addition, the FSRA is dedicated to safeguarding the financial stability and data integrity of licensed entities while actively contributing to the national strategy for cybercrime prevention.

    U.A.E Cyber Security Council Alerts

    As part of its commitment to keep FSRA’s Relevant Persons abreast of inherent and emerging cyber security threats, the Financial & Cyber Crime Prevention regularly publishes alerts as communicated by the Cyber Security Council. These alerts are aligned with efforts to foster a culture of cybercrime prevention and create a safer and more resilient financial environment. By sharing these alerts, the Financial & Cyber Crime Prevention helps FSRA’s Relevant Persons take proactive measures to enhance their systems and maintain effective and robust controls against potential cyber threats.

    Title A-Z Title Z-A Old to new New to old 10 20 30 Title Date Link
    No Records Found Please adjust filters.
    We’re here to help If you have any questions or concerns, don't hesitate to reach out.
    We offer various support options.
    Contact & Support

    About

    Overview Jurisdiction Al Reem Expansion Authorities Initiatives ADGM Academy Dispute Resolution Careers

    Business

    Overview Business areas Setting up Operating in Public registers Legal framework

    Sustainable Finance

    Regulation Awareness Collaboration Ecosystem ADGM Sustainable

    Discover

    Media News Events Spotlight Podcasts Publications Documents

    Contact & Support

    Support Make an enquiry Whistleblowing

    Resources

    FAQs Document Repository
    © 2024 Abu Dhabi Global Market. All rights reserved. Sitemap Terms and conditions Privacy policy Cookies policy

    We use cookies and similar technologies that are necessary to operate the website. Additional cookies are used to perform analysis of website usage. By continuing to use our website, you consent to our use of cookies. For more information, please read our Cookies Policy.

    Reject cookies Accept cookies