On 13 September 2016, the Central Bank of Ireland (the CBI) published new guidance on IT risk management and cybersecurity for financial service firms. Publication of the Guidance follows the CBI’s previous actions in relation to cyber risks in the funds, insurance and banking sectors (see previous blog here). The CBI acknowledges that IT plays an integral part in the supply of financial services and calls on Boards and Senior Management of regulated firms to recognise the ever increasing incidences of cyber-attacks and business interruptions. It requests such firms to acknowledge their responsibilities in this regard and prioritise IT security. This responsibility involves establishing and maintaining a resilient IT strategy, while ensuring that it aligns with the firm’s general business strategy. It states that a robust oversight and engagement on IT matters at the Board and Senior Management level promotes an IT and security risk aware culture within the firm.
Continue Reading The Central Bank of Ireland publishes new Cross Industry Guidance on IT and Cybersecurity Risks

Those involved in technology deals express differing views on source code escrow. These views range from resignation that the supplier won’t agree to it to the view that even if we do get it, it will only be available on the provided non-negotiable terms or a fear that even if we could get our hands on the code, we wouldn’t know what to do with it. In our experience, the position is not quite as black and white on any of these points. There is an extra aspect to think about in relation to technology offerings which include software as a service and traditional source code escrow may not always be appropriate here. Public disputes on escrow arrangements are few and far between and that’s why a recent English High Court case is worth a read. The decision in the case, Filmflex Movies Limited and Piksel Limited can be accessed here.
Continue Reading Source Code Escrow – Case Law Developments