§ 29 — Power of Authority in relation to technology risk management

29.—(1) The Authority may, from time to time, issue such directions, or make such regulations under section 192, concerning any financial institution or class of financial institutions as the Authority considers necessary for —(a)

the management of technology risks, including cyber security risks;

(b)

the safe and sound use of technology to deliver financial services; and

(c)

the safe and sound use of technology to protect data.

(2) A financial institution that fails to comply with a direction issued to the financial institution under subsection (1) or contravenes any regulations mentioned in that subsection shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $1 million and, in the case of a continuing offence, to a further fine of $100,000 for every day or part of a day during which the offence continues after conviction.

—(1) The Authority may, from time to time, issue such directions, or make such regulations under section 192, concerning any financial institution or class of financial institutions as the Authority considers necessary for —(a)

the management of technology risks, including cyber security risks;

(b)

the safe and sound use of technology to deliver financial services; and

(c)

the safe and sound use of technology to protect data.

(2) A financial institution that fails to comply with a direction issued to the financial institution under subsection (1) or contravenes any regulations mentioned in that subsection shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $1 million and, in the case of a continuing offence, to a further fine of $100,000 for every day or part of a day during which the offence continues after conviction.