One of the many undeniable facts of the 21st century is that we live in a time of ever-expanding globalization. People everywhere are connected. Events that occur at opposite ends of the earth can make ripples in various places across the entire world. So, when a document from the “Commission de Surveillance du Secteur Financier” in Luxembourg entitled “Circular CSSF 13/554” (CSSF for short) came across our desks earlier last week, we dove right into it. Finding the translation of the legal jargon in the memo a tedious task, we decided that we would like to help make some sense of it all with a nice, easy-to-read overview. So, whether you’re someone with an affinity for financial compliance standards in other countries or a member of a Luxembourg institution itself (Bonjour!), read on for some CSSF knowledge.
From the start of the document, the message that the CSSF is sending to the various financial organizations in Luxembourg is very clear: “Professionals of the financial sector must always have full control over the resources under their responsibility and the corresponding access to these resources, primarily for compliance and governance reasons and secondly in order to protect confidential data subject to professional secrecy.” Simple enough. Reading the various requirements that must be met in order to adhere to that goal, however, is where my eyes began to glaze over. Split up below into bullet points are some of the most important requirements for compliance along with their corresponding sections, simplified. For reference, the original document can be found here.

Phrases To Know:
An access tools policy written in a way that is easy to understand by people who are not IT specialists. It must be approved by the management of the financial institution.
The technical implementation of the “Approved AT Policy” on access tools systems.
The digital copy of the “Approved AT Policy” located within the tool used to perform the preventative controls. It is the baseline used to compare an AT policy change request to the “Approved AT Policy” and decide whether to authorize or implement said change.
Although brief, this summary gives a good overview of what financial companies are up against in Luxembourg. Hopefully, you were able to stick with it to the end, as it is very important for companies located in Luxembourg to adhere to these provisions as quickly as possible (the original circular was distributed on January 7th, active immediately).
That said, you’re probably scratching your head wondering where you can find a company/product to work with that will help you satisfy all of these complicated compliance requirements. Look no further!
StealthINTERCEPT® – produces a complete audit trail of all change and access activities, providing a more complete and accurate record of events than native logging can provide alone. Granular policy definition also provides the ability to prevent undesired and unauthorized changes, mitigating the threat of downtime, security breach, and compliance failure.
Give us a call or send an email.
Nate is a Web Marketing Manager at Stealthbits and has worked in the IT Security industry for over 7 years.
© 2021 Stealthbits Technologies, Inc.