The information contained in the Panama Papers leaked documents has already led governments, regulators and investigative authorities to reinvigorate challenges to previously acceptable practices and to accelerate efforts to enhance transparency standards and accountability. Additionally, the leak itself highlights cybersecurity vulnerabilities around the globe.
If a cyber hack is proven, Mossack Fonseca could be faced with claims from customers and regulators for having failed to protect confidential data. In addition to the reputational damage caused to Mossack Fonseca by this incident, the financial consequences could be considerable.
This case reinforces the importance of cybersecurity, as increasing volumes of information are available electronically. Fiduciary businesses have a duty of care to act in the best interest of their clients which includes protecting confidential data from being accessed unlawfully.
The JFSC also recently issued a Dear CEO letter to highlight the growing importance of cybersecurity arrangements and expectations of registered persons in this regard. At a minimum, licensees should understand and document the risk of a cyberattack, have contingency arrangements and ensure that the firm adequately addresses cybersecurity risks. Given recent events, however, we feel it is important to revisit the issue of cybersecurity.
A 3-step approach is recommended to mitigate the risks and impact of a potential cyberattack and therefore satisfy regulatory expectations:
Our experienced global cybersecurity and regulatory team will work with your firm to help understand your business workflow, deliver the appropriate risk management approach and meet regulatory standards. This approach will help create a robust cybersecurity framework with the following components:
End-to-end governance, advisory and monitorship solutions to detect, mitigate, drive efficiencies and remediate operational, legal, compliance and regulatory risk.