23 January 2020 / article

AFM publishes Principles for Information Security

A set of Principles for Information Security has been published by the AFM to provide guidance for financial firms and audit firms.

The Dutch Authority for Financial Markets (the AFM) published a set of Principles for Information Security on 19 December 2019.

The introduction to the principles notes that the management of information security has become increasingly important due to the growing digitalisation of firms and the growing threat of cybercrime.[1] The principles provide guidance for financial firms (including AIFMs)[2] and audit firms in the interpretation of legal provisions. The principles were drawn up following input obtained in May 2019 via a public consultation.

The document includes principles on 11 different topics, including: policy, governance, identifying threats and assessing risks, people and culture, technology, processes, physical security, data, response and recovery, outsourcing and chain perspective. Practical examples of guidance given in the principles include (but are not limited to):

  • Periodic testing of implemented information security measures.
  • Making use of internationally accepted information security & cyber security frameworks.
  • Firms making clear legally binding agreements with outsourcing parties with respect to cooperation and division of responsibilities in the field of information security, noting the right to carry out audits at the suppliers.
  • The sharing of information on security risks and threats within chains of linked parties and within the sector.

The AFM notes on its website that it “expects firms to take appropriate measures to guarantee the continuity and reliability of their IT and provision of information, and to limit the impact of any security incidents.”[3] Financial firms should take into account the AFM principles when managing IT security.

1. AFM Principles for Information Security pg. 4
2. And also including AIFs, UCITS, management companies of UCITS, investment firms, custodians, financial service providers (other than banks, insurers and financial institutions), pension funds, data reporting services providers and regulated markets.
3. https://www.afm.nl/en/professionals/nieuws/2019/dec/principes-informatiebeveiliging


