Financial Service Commission (FSC) Cybersecurity Compliance

Guidance and implementation services for FSC regulations in Mauritius

Understanding FSC Regulation

With the evolution of technology and the emergence of fintech, there is also a rise in criminals looking to steal client data, which they may use to extort money or to phish clients into giving away their financial details. As financial institutions speed up their digital transformation, they must take proactive steps against cyber risks.

Therefore, the Financial Service Commission has mandated that all Management Companies in Mauritius, comprising more than 200 companies, follow a set of guidelines for cybersecurity.

To ensure that these companies remain secure from emerging cyber threats, the Financial Service Commission has recommended a set of guidelines. These guidelines comprise best cybersecurity practices that can assist financial institutions in gaining a fundamental cybersecurity posture. They help financial institutions secure their financial data and take proactive steps against cyberattacks. Through periodic assessment,

Aspects of FSC Regulation

FSC ensures that all the Management Companies keep up with the evolving threat landscape. Any company that shows non-compliance upon assessment is subject to severe fines that may cost it not only money but also the precious reputation it has spent years building.

The following are some of the main aspects of FSC compliance:

  • A virtual asset service provider should be able to establish and maintain appropriate systems and controls for managing cybersecurity risks.
  • It states the roles and responsibilities of senior management in cybersecurity.
  • It defines accountabilities, strategies, and frameworks that are to be implemented by the company.
  • It states appropriate measures for information security and management of controls, to ensure the security of sensitive information assets.
  • It mandates that the company must take measures to ensure awareness of cybersecurity across all levels of the organization.
  • It requires companies to review their cybersecurity policies, strategies, and framework periodically.
  • It makes it compulsory for companies to submit the results of the effectiveness of their cybersecurity framework to the Commission periodically.
  • It mandates them to take steps for incident response planning and to set strict roles and responsibilities for incident response planning.

SharkStriker Approach

SharkStriker believes in offering holistic end-to-end services for compliance based on a lifecycle approach. Our compliance consultants will provide you with the much-needed support and guidance for the entire phase of your NIST compliance achievement. Additionally, we provide support for external audits.

What most businesses find challenging is that they are often unable to find cybersecurity and compliance from a single company. SharkStriker assists in solving that challenge. It offers a one-stop shop for both cybersecurity and compliance. Another unique advantage that we offer is that we take a lifecycle approach to compliance and cybersecurity.

It simply means that we will provide you with a hand-holding service throughout your compliance journey. From assessment of your organization for compliance gaps to implementation and post-implementation audit, SharkStriker will guide you at each step. The following is the approach that we follow for compliance management.

  • 01
    In the first step, we try to understand and assess the critical assets that process, store, and control information. We try to understand the people, processes, and technology before drawing the scope of the compliance. Once we have a comprehensive idea of all of these aspects, we begin drawing the scope of the compliance with the client.
  • 02
    Gap assessment
    Once a detailed scope of compliance has been drawn, we engage in a top-down assessment across different levels of the organization for compliance and cybersecurity. We ascertain the gaps in cybersecurity and compliance by comparing the status quo measures against those recommended by FSC. We also determine and categorize the risks as per their severity.
  • 03
    Risk Treatment
    Based on the gaps assessed across different levels, we prepare a detailed risk treatment plan that helps the organization meet all the recommendations for cybersecurity by FSC. Through this risk treatment plan, we not only help the organization achieve compliance but also help it improve its posture by effectively addressing all of the cyber risks.
  • 04
    The next step is implementing the risk treatment plan with the recommended security policies, procedures, people, processes, and technology. We assist in implementing all the security measures that are recommended by FSC. At this stage, we tailor our managed security services as per the recommended measures.
  • 05
    Post implementation audit
    It is the critical step of our process. At this step, we assess whether the implementation is done without errors or gaps. We assess whether there are any deviations from the risk treatment plan in implementation. If we find any gaps, we take measures to bridge them.
  • 06
    Training and awareness
    To close all the awareness gaps in compliance and cybersecurity, we prepare training modules and awareness campaigns for the organization to ensure that the compliance process is well received and effectively implemented.

How can we help you with the FSC cybersecurity framework?

The FSC regulations for cybersecurity offer a detailed set of guidelines for all the Management Companies in Mauritius to follow. They comprise some of the best security practices against emerging cyber threats. The companies are liable to be assessed based on the security measures and controls they have integrated into their organization.

The FSC assesses these companies based on the regulations. Any company failing to meet the regulations may face the consequences of noncompliance including fines.

If your business is required to comply with FSC guidelines, then SharkStriker can help you out. We have a dedicated end-to-end compliance management service that could help you make your compliance journey smoother. From guided risk assessments, seamless policy management, and security guidance to implementation, we offer everything that you need to bridge all the compliance gaps.

Be compliance-ready, always, with SharkStriker!