Gavin Baxendale
Client Director | Consulting
Cayman Islands
Insight
11 September 2023
Cayman Islands
In today's digitally interconnected world, organisations heavily depend on third parties for various critical functions. Whether it's IT infrastructure, software solutions or staffing resources, these external partners play a vital role in an organisation's success.
Despite being aware of this potential danger, many organisations lack a proper risk mitigation strategy, leaving them unprepared and disconnected in managing the problem. Ogier Regulatory Consulting client director Gavin Baxendale discusses the responsibilities for cybersecurity and the nuances between group and local policy and control frameworks.
The responsibility for cybersecurity in these situations is often unclear, leading to assumptions and potential vulnerabilities. Additionally, the involvement of fourth-party suppliers, connected to the original suppliers, can inadvertently expose sensitive data. The reliance on external partners also exposes organisations to a wide array of risks that must be addressed through a comprehensive Third-Party Risk Management (TPRM) program.
TPRM entails the systematic process of identifying, assessing, and mitigating risks associated with third parties, in accordance with company cyber security metrics and with local and global regulation. This approach requires an enterprise-wide perspective that goes beyond traditional third-party management practices, including the monitoring of service level agreements.
According to the CIMA Rule: Cybersecurity for Regulated Entities (April 2023), a licensee's governing body is ultimately responsible for cyber security (rule 6.1) and, more specifically, is required to perform an assessment of any providers (whether third parties or affiliates) to which the licensee has outsourced IT functions, to ensure their compliance with the Rule and related Statement of Guidance. Furthermore, it must have oversight of, and clear accountability for, all outsourced functions as though they were not outsourced. It is also noted that cybersecurity risks may arise in other outsourcing arrangements, not only IT (rule 6.5).
The Cayman Islands Monetary Authority (CIMA), the primary regulator responsible for the regulation of financial services entities operating in and from the Cayman Islands, released a Thematic Cybersecurity Review in June 2023. The review involved an analysis of 12 regulated entities from across the banking, insurance and securities sectors over a period from April to December 2022. Insights regarding good practices and areas for improvement are outlined here.
“Where cybersecurity functions are outsourced (whether intra-group or to third parties), entities are to assess and gain a level of assurance that the frameworks implemented by the service providers are adequate and fit for purpose.”
Detailed written agreements with intergroup or third-party service providers.
Written confirmations of the adequacy of frameworks managed at the group level.
Entities that rely on a group framework should receive written confirmation of the adequacy of the frameworks being managed at the group level.
The need to conduct regular assessments of the intra-group and third-party cybersecurity frameworks against local requirements to ensure compliance.
The need to ensure outsourcing agreements comply with local requirements.
Areas of weakness in outsourcing are explained in the graph on page 17 of the review.
Whether you have long-standing third-party relationships or have begun the process of choosing a new partner, it's important to understand where you are on the TPRM roadmap. We can assist with developing, managing, and advising with local experts in AML, Cybersecurity and jurisdictional law.
Third-party identification
Evaluation and selection
Risk assessment
Risk mitigation and management
Contracting and procurement
Reporting and recordkeeping
Ongoing monitoring
Vendor offboarding
Governance documentation
Get in touch with us at regulatoryconsulting@ogier.com or learn more on our service page.
This client briefing has been prepared for clients and professional associates of Ogier. The information and expressions of opinion which it contains are not intended to be a comprehensive study or to provide legal advice and should not be treated as a substitute for specific advice concerning individual situations.