Compliance assessment services for information and communication technologies and security risk management requirements of the Bank of Lithuania

Financial sector entities – banks, investment companies, insurance companies, credit institutions, etc. (hereinafter – Organizations) must ensure the requirements of Information and Communication Technologies and Security Risk Management (hereinafter – Requirements) established in the resolution of the Board of the Bank of Lithuania. The Bank of Lithuania requires such organizations to manage information and communication technology (ICT) and security risks in the organization’s activities and in the provision of services and ensure the protection of information stored, processed and transmitted by ICT systems.

Organizations must implement appropriate technical and organizational information and communication technology (ICT) and security risk management measures to ensure a level of security commensurate with the risk. If the requirements of the Bank of Lithuania are not properly implemented, the Organization’s license to engage in financial activities may be revoked, and in the event of a breach of personal data administrative fines may be imposed in accordance with GDPR provisions which may reach up to 2 – 4%. the total annual worldwide turnover of the preceding financial year, or up to EUR 20 000 000.

Organizations can prepare for the implementation of the requirements of the Bank of Lithuania independently or use the service provided by us – assessment services for compliance with the requirements of information and communication technologies and security risk management of the Bank of Lithuania.

• We gather and assess evidence and information
• We identify non-compliance with the Requirements
• We prepare recommendations to eliminate non-compliances

• Report prepared. A compliance assessment report is created, in which non-conformities with the Requirements have been identified during the compliance assessment
• Recommendations prepared. Recommendations are created to eliminate the non-compliances

• Non-compliances are identified and eliminated on the timely basis
• There are ensured compliance with the Bank of Lithuania’s information and communication technology and security risk management requirements