This form is designed to provide a structured and consistent approach for notifying the Authority about cyber breaches, as well as offering regular updates until the incident is resolved. A cyber incident should be reported immediately if it is considered to have a significant impact or the potential to become a major issue. Examples of critical cyber threats include substantial data loss or compromised system controls, the potential to affect a large number of clients, unauthorized access to your systems, the introduction of harmful software, viruses, or spyware, and/or the alteration or extraction of data from your systems. Reports should be submitted to [email protected].

The Authority mandates that all individuals proposed as shareholders, managers, controllers, or directors for appointment to a company licensed under the Banks and Trust Companies Act and the Private Trust Companies Regulations must complete and submit a personal questionnaire, accompanied by the necessary supporting documents, as outlined in the licensing requirements.