The Financial Services Regulatory Authority (FSRA) of ADGM today announced the implementation of amendments to its regulatory framework for Authorised Persons and Recognised Bodies in relation to cyber risk management.
Compliance with the amendments will be required from 31 January 2026.
The implementation follows extensive industry engagement and feedback received on Consultation Paper No. 3 of 2025. The amendments require firms to integrate cyber risk management into their existing risk frameworks and build upon the FSRA’s Information Technology Risk Management Guidance and Governance Principles and Practices to Mitigate Cyber Threats and Crime.
Feedback received during the consultation period supported the amendments as a natural evolution of the FSRA’s regulatory framework in this dynamic risk area. In response to this feedback, the FSRA has enhanced the proposed amendments by providing firms with a six-month period to ensure compliance, clarifying the principles of proportionality and integration of cyber risk management frameworks, and adapting requirements for arrangements with IT service providers. The FSRA has also revised its guidance to assist firms in assessing the materiality of cyber incidents and is planning to update its cyber incident notification template before the end of the year.
Emmanuel Givanakis, Chief Executive Officer of ADGM’s FSRA, said, “These amendments reflect the FSRA’s ongoing commitment to operational resilience and cybersecurity. By continuing to integrate global best practices into our framework, we safeguard the integrity of the financial services industry in ADGM. These recent developments demonstrate our ongoing dedication to responsible innovation and further position ADGM as a leading jurisdiction for secure and forward-looking financial activity.”
The FSRA acknowledges the constructive and well-received feedback provided in response to the Consultation Paper.