Summary of SPOT inspections on asset management companies' cybersecurity measures No. 3 - 2023

As announced in its supervisory priorities for 2023, the Autorité des Marchés Financiers (AMF) has conducted a 3rd SPOT (Supervision of Operational and Thematic Practices) inspection campaign of the cybersecurity systems of 5 asset management companies (AMCs). This work is a continuation of the work carried out in 2019 and 2020 within the context of the entry into force in January 2023 of the DORA (Digital Operational Resilience Act) regulation on digital operational resilience in the financial sector, which will apply to French financial institutions from January 2025. Technical standards will be published on a number of subjects, including the use of IT service providers by institutions subject to the regulation. This campaign also echoes the risk mapping the AMF published in July 2023 which executive summary underlined the high level of cyber risks for financial market actors.