← Back to Insights

Bermuda Compliance and Regulatory Updates - March 2022

12 April 2022

We have compiled a list of the latest compliance and regulatory updates that were announced or took effect that affected Bermuda in March 2022.

BMA Financial Sanctions Updates (https://www.bma.bm/international-sanctions)

Financial sanctions updates have been published by the BMA for Russia; Belarus; Syria; Democratic People’s Republic of Korea; Democratic Republic of the Congo; Iraq; ISIL Da-esh and Al-Qaida; Libya; Iran (including nuclear sanctions); Zimbabwe; South Sudan; Counter Terrorism; Guinea-Bissau; Cyber and Chemical Weapons

Operational Cyber Risk Management Code of Conduct (Fund Administration - Policy & Guidance - BMA)

This Code came into force on March 15, 2022, and Relevant Licensed Entities(RLEs) are required to become compliant with it by February 15, 2023.

Key requirements of the Code include the following:

  • the board of directors must, at least annually, approve a cyber risk policy
  • a risk assessment process must be in place to identify, evaluate, measure, respond to, monitor and report on cyber risks
  • cyber risk governance should follow a "three lines of defence" model
  • data governance, classification and information security controls (for detection, protection, response and recovery) must be implemented
  • cyber events with significant adverse impact to the RLE’s operations or clients must be reported to the BMA
  • RLEs are expected to maintain logs of all cybersecurity incidents
  • Staff cyber risk awareness training must be completed at least annually
  • Information should be classified and protected in a manner commensurate with its sensitivity, value and criticality
  • All non-public information must be protected by encryption
  • Business Continuity Planning (BCP) and Disaster Recovery (DR) plans must be tested at least annually, documented and any issues identified should be tracked for remediation

Innovative Insurer-General Business (Insurance - Reporting Forms and Guidelines - BMA)

The following was added to the Authority’s website in March 2022:

  • 2021 Innovative Insurer-General Business Handbook
  • 2021 Year-End Filing Requirements for Class Innovative Insurer-General Business
  • Innovative Insurer-General Business 2021 Year End BSCR

Insurance Prudential Standard Stakeholder Letter (Insurance - Discussion/Consultation Papers - BMA)

The BMA provided responses to the key comments received on the Consultation Papers for the Insurance (Prudential Standards) (Solvency Requirement) Amendment Rules 2022 for Insurance Groups, Class 4, Class 3B, Class 3A, Class C, Class D and Class E Insurers in a letter to stakeholders dated March 24, 2022.

Notification Letter - 2021 Year-End Cyber Stress Test Scenarios for Insurance (Notices (bma.bm)

A letter dated March 8, 2022, was sent by the BMA to provide guidance and clarity on the instructions for cyber underwriting details, non-cyber specific (re)insurance policies, prescribed cyber stress scenarios and (re)insurer specific/own cyber stress scenarios

The new section on BMA-prescribed cyber-stress section is to be completed by all insurance groups and classes for 2021 year-end filing on a best-efforts basis, then it will be finalised and fully required for all insurance groups and classes by 2022 year-end filing

Deadlines for Q2 2022:

  • 30 April 2022: Certificate of Compliance for ACSL (BMA)
  • 30 April 2022: Filing of Audited Accounts for AFSL (BSX)
  • 30 June 2022: Insurance Manager Return for AIFSL (BMA)
  • 30 June 2022: Economic Substance Declarations - 6 months after year end for the relevant entities (ROC)
  • 30 June 2022: Statement of Compliance - AFSL & AIFSL - 6 months after year end for the relevant entities (BMA)

Get in touch with our team

Contact Us