FFFS 2014:5

Finansinspektionen’s Regulations and General Guidelines regarding information security, IT operations and deposit systems

Repealed 2025-01-17 see FFFS 2024:21

Summary

The regulations apply to credit institutions and investment firms and include, for example, regulations that firms must work in a structured and methodical manner with information security. The regulations also regulate the governance and procedures for the IT operations and establish requirements on the security of deposit systems.

Amendments

The amendments entail that clearing organisations are no longer included in the scope and are the result of the term clearing organisation being removed from the Securities Market Act (2007:528).

The scope of the regulations has been expanded to include very large securities companies.

The amendments enter into force on 8 March 2023. Amendment 2023:5

The scope is changed such that securities companies, with the exception of those that will continue to apply the Capital Requirements Regulation (575/2013/EU), are no longer subject to the regulations.

The amendment enter into force on 7 July 2021. Amendment 2021:23

According to the amendment, undertakings with authorisation to conduct clearing operations according to Chapter 19 of the Securities Market Act (2007:528) shall be covered by the provisions on information security and IT operations set out in Finansinspektionen's regulations and general guidelines (FFFS 2014:5) regarding information security, IT operations and deposit systems.

The amendments will enter into force on 1 March 2018. Amendment 2018:2

Finansinspektionen is amending the reference to provisions regarding outsourcing agreements.

The amendment enters into force on 3 January 2018.

FI is amending the scope to agree with the scope in the Credit Institutions and Securities Companies (Special Supervision) Act (2014:968). The amendments enter into force on 2 August 2014. Amendment 2014:32

Documents

Changes