LexGo

Investment funds and financial institutions: CSSF FAQ on minimum IT security requirements for remote access
19/03/2020

On 17 March 2020, the CSSF issued an FAQ clarifying the recommended minimum IT security requirements for remote access implemented to meet the demands of the exceptional situation created by Covid-19 and issuing minimum recommendations with respect to:

high-privileged access: identification of user profiles with the highest risk levels (IT administrators, employees in charge of transactions/payments, etc.) and the implementation of proper security measures (strong authentication, access from a secure laptop, logging and review of sensitive actions);
secure communication: encryption of communication channels (e.g. use of VPN with AES-256, RSA-2048 encryption);
connection monitoring: controls to ensure, at least, that remote connections are consistent with recourse to teleworking (i.e. access during office hours, geofencing); 
the duration of remote access: remote access introduced due to the exceptional Covid-19 situation should be temporary and disabled once the exceptional circumstances have passed.

The CSSF is further “urging financial institutions under its prudential supervision to favour working from home as part of their business continuity plans. As already mentioned in the communication of 2 March, satisfactory IT security conditions should be guaranteed and no prior authorisation is needed for such work arrangements.

Related : Nautadutilh Avocats Luxembourg Sàrl ( Mrs. Yoanna Stefanova ,  Mr. Luc Courtois )

[+ http://www.nautadutilh.com]

Mrs. Yoanna Stefanova Mrs. Yoanna Stefanova
Partner
yoanna.stefanova@nautadutilh.com
Mr. Luc Courtois Mr. Luc Courtois
Partner
Luc.Courtois@nautadutilh.com

Click here to see the ad(s)
All articles Financial law

Lastest articles Financial law

Sustainable Finance Disclosure Regulation: the CSSF confirms that the compliance date remains 10 ...
26/11/2020

The Commission de Surveillance du Secteur Financier (the “CSSF”) has published a press release&...

Read more

FCA communication to Luxembourg-based entities about the UK temporary permissions regime
23/11/2020

On 19 November 2020 the Luxembourg supervisory authority for the financial sector, the CSSF, issued press release 20/...

Read more

ESG: Sustainability Related Disclosures Are you ready?
19/11/2020

Regulation (EU) 2019/ 2088, on the sustainability–related disclosures in the financial services sector (“SFDR&...

ESG: Sustainability Related Disclosures Are you ready? Read more

EU Crowdfunding Regulation adopted by European Parliament
12/11/2020

The European Parliament has adopted the Regulation on European Crowdfunding Service Providers for Business, which shall en...

EU Crowdfunding Regulation adopted by European Parliament Read more

Lastest articles by Mrs. Yoanna Stefanova

Luxembourg establishes a register of fiducies and trust
24/07/2020

The Act of 10 July 2020 ("the Act") transposes into Luxembourg law the last part of the fourth Anti-money Launde...

Read more

Luxembourg Brexit Laws: 15 September 2019 final deadline for UK based managers to notify the CSSF
22/08/2019

On 8 April 2019, Luxembourg adopted two laws ("Brexit Laws") on measures to be taken in relation to the financia...

Read more

The Luxembourg UBO Register: the end of the transition period is fast approaching (31 August 2019)
08/07/2019

The UBO Register Act, which entered into force on 1st March 2019, provides for a six-month transition period to submit inf...

Read more

The Luxembourg Bill Implementing Srd II as Regards the Encouragement of Long-Term Shareholder Eng...
10/05/2019

On 25 January 2019, Bill No 7402 (the "Bill") implementing Directive (EU) 2017/828 as regards the encouragement ...

Read more

Lastest articles by Mr. Luc Courtois

LexGO Network