30-07-2025
FSRA Updates Cyber Risk Management Rules for ADGM Financial Firms
The Financial Services Regulatory Authority (FSRA) of ADGM has announced the implementation of amendments to its regulatory framework concerning cyber risk management for Authorised Persons and Recognised Bodies.
The updated requirements will take effect from 31 January 2026.
The changes follow a consultation period and industry engagement stemming from Consultation Paper No. 3 of 2025.
The amendments require firms to embed cyber risk considerations into their broader risk management frameworks.
These revisions build on existing guidance, including the FSRA's Information Technology Risk Management Guidance and Governance Principles and Practices to Mitigate Cyber Threats and Crime.
According to the FSRA, feedback from stakeholders generally supported the proposed direction as a necessary progression of the regulatory regime in response to the evolving cyber risk landscape.
In light of this, the FSRA has introduced a six-month implementation period, clarified the principle of proportionality, and refined expectations regarding third-party IT service providers.
Further guidance has been issued to assist firms in evaluating the materiality of cyber incidents.
The FSRA also plans to revise its cyber incident notification template by the end of 2025.
Commenting on the amendments, Emmanuel Givanakis, CEO of the FSRA, stated:
'By continuing to integrate global best practices into our framework, we safeguard the integrity of the financial services industry in ADGM. These recent developments demonstrate our ongoing dedication to responsible innovation and further position ADGM as a leading jurisdiction for secure and forward-looking financial activity.'
