Circular to VFA Service Providers on Updates to Chapter 3 of the VFA Rulebook
Circular to VFA Service Providers on Updates to Chapter 3 of the VFA Rulebook
IT Audit Requirements
The revised Chapter 3 of the Rulebook places an obligation on the Service Providers to appoint an IT Auditor, and to conduct and submit an annual IT Audit which will consider IT risk areas such as ICT risk management; Use of third-party providers; ICT Project and Change Management; Business continuity management etc.
Additional provisions allow the MFSA to object to certain appointments of IT Auditors and to impose further reporting requirements. These changes are applicable on 1st January 2024 and remove the obligation to appoint a Systems Auditor and submit a Systems Audit report in line with MDIA guidelines. This change impacts the processes related to the systems’ review and audit of a VFA Service Provider, including engagement terms and reporting obligations.
How can BDO Malta help?
At BDO, we understand the complexities and challenges posed by these regulatory changes. Leveraging our extensive experience and comprehensive service offerings, we are well-equipped to help you manage these evolving requirements. Our specialised services include:
- MFSA IT Audits: We conduct thorough IT Audits in accordance with the MFSA's Guidance on ICT Related Arrangements.
- DORA Assessments and Advisory: We provide thorough assessments and strategic advice to ensure compliance with DORA.
- Third-Party Assurance: Our expertise extends to ISAE3000, ISAE3402, and SOC2 Attestation, offering assurance on third-party services.
- IT Strategy, Governance & Risk Management: BDO's consultants can assist in developing robust IT strategies, governance frameworks, and risk management protocols.
- ISO27001 Readiness and Implementation: We specialise in drafting and implementing Information Security Management Systems based on ISO27001 standards.
- Cyber Security Assessments: Our comprehensive assessments help identify and mitigate cyber threats, ensuring the security of your IT infrastructure.
If you have any inquiries or require further assistance in adapting to these changes, please do not hesitate to contact us. We are dedicated to providing the support and expertise necessary for successfully managing these evolving requirements.
