CIRCULARS COVERING THE ICT CONTROL FUNCTION  

A focus on Information and Communication Technology (ICT)
related risks and instructions
on how to manage them 

What you learn

  • What are the areas for improvement in ITC controls

  • Strong practices to manage ITC control environments in organizations 

  • The requirements for ICT and security risk management (CSSF Circular 20/750)

  • Regulatory aspects of telework and ICT (CSSF Circular 22/804, an update of CSSF Circular 21/769, which only covers security aspects) 

  • What are outsourcing arrangements (CSSF Circular 22/806)

  • How to monitor fraud and handle incidents (CSSF Circulars 9/712-11/504-21/787-15/603)

  • Open Banking API (CSSF Circular 19/720-EBA/OP/2020/10) 

What the training includes

f.png

MODULE 1

Outsourcing Oversight​

  • Analysis of key elements of CSSF Circular 22/806 on outsourcing arrangements

  • In-depth introduction of MAQIT's outsourcing framework, built to meet all regulatory expectations

Duration: 2h
2.png

MODULE 2

Information Security and ICT Risk Management

  • Analysis of key elements of CSSF Circular 20/750 on information and communication technology (ICT) requirements and security risk management

  • In-depth introduction of MAQIT's ICT Framework, built to support CISO and compliance teams

  • Review of CSSF Circular on Teleworking 22/804 and update on CSSF Circular 21/769

Duration: 2h
1.png

MODULE 3

PSD2 IT Regulatory

  • Analysis of key elements of the Payment Services Directive II (PSD2) regulations.

  • Presentation of a circular framing Open Banking, fraud monitoring and incident management

Duration: 2h

This training suits you if

  • You are a Cloud Officer, an ISO and Internal Auditor and you must comply with the new Luxembourg regulatory expectations 

  • You want to improve your IT knowledge and skills

Training content

Outsourcing Oversight

  • CSSF Circular 22/806 on Outsourcing Arrangements: introduction

  • CSSF Circular 22/806 on Outsourcing Arrangements: main areas

  • Clear understanding of the client's current situation + review of existing documentation

  • Guidance in the Notification Form process

  • Performance of the Target Operating Model (TOM)

  • Outsourcing Identification

  • Performance of Criticality Assessment

  • Performance of Risk Assessment

  • Performance of the Contractual Gap Analysis

  • Design and implementation of an exit strategy

  • Performance of Due Diligence questionnaire

  • Performance of the Architecture Document 

  • Guidance in maintaining CSSF Outsourcing Register / Cloud Computing Register, if applicable

Information Security and ICT Risk Management

  • CSSF Circular 20/750 on the requirements regarding information and communication technology (ICT) and security risk management: introduction

  • CSSF Circular 20/750 on the requirements regarding information and communication technology (ICT) and security risk management: main areas

  • Governance and Strategy: the management body

  • ICT and security risk management framework: people and process

  • Information Security Policy

  • ICT operations management

  • ICT project and change management

  • Business continuity management

  • Payment service user relationship management

  • How MAQIT can help you

  • Circular CSSF 21/769 on governance and security requirements for supervised entities to perform tasks or activities through Teleworking (as amended by Circular CSSF 22/804): introduction

  • Circular CSSF 21/769 on governance and security requirements for supervised entities to perform tasks or activities through Teleworking (as amended by Circular CSSF 22/804): main areas

PSD2 IT Regulatory

Fraud Monitoring and Incident Management

  • Circular CSSF 11/504: introduction

  • Circular CSSF 11/504: information to be reported

  • Circular CSSF 15/603: introduction

  • Circular CSSF 19/712: introduction

  • Circular CSSF 19/712: reporting dimensions

  • Circular CSSF 21/787: introduction

  • Circular CSSF 21/787: incident classification

  • Circular CSSF 21/787: incident reporting

  • Circular CSSF 21/787: information to be shared

Open Banking API

  • Circular CSSF 19/720: introduction

  • EBA/OP/2020/10: introduction

  • How MAQIT can help you

You will learn from

Luc.png

LUC MAQUIL

Managing Partner

Digital Transformation and Regulatory Advisory

Luc guides clients in CSSF regulation, PFS, and licensing enforcement, from the review process to the IT implementation. 

Dominic.png

DOMINIC WERTER

Senior Manager

Regulatory IT Services

Dominic assists clients in their RegTech challenges through his professional experience in software development, data integration, and IT operations. 

c.png

CYRIL CASSAGNES

Senior Manager

Regulatory IT Services

Cyril supports clients by assessing the potential gap between new technology and financial sector regulation, helping to draft all ICT-related documentation required by the regulator.

For more information or to register for the training