All VASPs are required to implement a Technology Governance and Risk Assessment Framework under Rule I.A.1 of this Technology and Information Rulebook. This Schedule 1 is provided by VARA as Guidance to VASPs, to assist them in creating effective Technology Governance and Risk Assessment Frameworks.
|
VASPs should consider all categories of risk and the risk mitigation standards (as may be applicable), set out in this Schedule 1 of the Technology & Information Rulebook, when creating their Technology Governance and Risk Assessment Frameworks.
|
Nothing in this Schedule 1 of the Technology & Information Rulebook shall limit, reduce or otherwise amend any Rules, or other requirements, with which VASPs must comply, under any applicable laws or regulations, Regulations, Rules or Directives, including but not limited to in respect of Personal Data protection.
|