Given the increasing reliance of Financial Institutions (FIs) on technology and online systems and the increasing threat of cyber attacks, it is timely that the Bank Negara Malaysia (BNM) issued, on 4 September 2018, a set of minimum standards on technology risk and cybersecurity management by FIs in Malaysia – the Risk Management in Technology policy document (RMiT).
The RMiT has been issued as an exposure draft which it is intended will come into force on 1 June 2019 and will apply to the following categories of FIs in Malaysia – all licensed banks and a number of other licensed financial institutions including: insurers, takaful operators and prescribed development financial institutions. If the RMiT is finalized as proposed there will be some, although not complete, alignment by the BNM with the Monetary Authority of Singapore (MAS) guidelines on managing technology risk.
The key requirements proposed by the RMiT include:
Board and Senior Management Responsibilities
Similar to the MAS Technology Guidelines, the board of directors of FIs will have overall responsibility and oversight for the implementation of a robust technology risk management framework. The board is…