• Technology governance

    • 4.6

      The Digital Investment Manager must ensure that its systems and controls are adequate and appropriate for the scale, nature and complexity of its business.14 This applies in particular to systems and controls concerning:
      a. the transmission and storage of information;
      b. the assessment, mitigation and management of risks relating to the provision of digital investment management services, including data security;
      c. the effecting and monitoring of transactions by the Digital Investment Manager;
      d. the technical operations of the Digital Investment Manager, including contingency arrangements for disruption to its facilities;
      e. the operation of its functions relating to the safeguards and protections to investors; and
      f. outsourcing.

      14 Refer to GEN 2.2.3 and chapter 3.3, PRU 6.6 and 6.7, and other requirements in the Rulebook as applicable.

    • 4.7

      In assessing whether the systems and controls used by the Digital Investment Manager are adequate and appropriate for the scale and nature of its business, the FSRA may have regard to the following:
      a. the distribution of duties and responsibilities among its key individuals;
      b. the staffing and resources of the Digital Investment Manager;
      c. the arrangements made to enable key individuals to supervise the operations of the Digital Investment Manager; and
      d. the arrangements for internal and external audit, including technology audits.