The objective of these Guidelines is to:
- provide clarification and transparency to market participants on the minimum expected information and cyber security capabilities, i.e. security baseline;
- avoid potential regulatory arbitrage;
- foster supervisory convergence regarding the expectations and processes applicable in relation to ICT security and governance as a key to proper ICT and security risk management.