Bank Negara Malaysia (the Malaysian Central Bank) (BNM) had, on 4 September 2018, issued an exposure draft of the Risk Management in Technology policy document (RMiT Exposure Draft). BNM is proposing for the policy to come into force on 1 June 2019 and it will apply to licensed banks,3 licensed insurers, licensed takaful operators, prescribed development financial institutions, operators of a designated payment system and eligible issuers of e-money (collectively, FIs). Given the increasing reliance by FIs on technology and online systems and the increasing threat of cyber attacks, the introduction by BNM of minimum standards on technology risk and cyber security management by FIs in Malaysia is timely. If the RMiT Exposure Draft is finalized, there will begin to be some (but not complete) alignment by BNM and the Monetary Authority of Singapore (MAS) on managing technology risk.4 The key requirements and standards that BNM is proposing to introduce are set out below.
1. Board and Senior Management Responsibilities
Similar to the MAS Technology Guidelines, the board of directors of FIs (Board) will have overall responsibility and oversight for the implementation of a…
