BNM published a policy document that sets out its requirements for the management of technology risk by financial institutions in Malaysia. In line with the proportionality principle, larger and more complex financial institutions are expected to demonstrate risk management practices and controls that are commensurate with the increased technology risk exposure of such institutions. The policy document comes into effect on January 01, 2020.
All financial institutions shall observe minimum prescribed standards in the policy document to prevent the exploitation of weak links in interconnected networks and systems that may cause detriment to other financial institutions and the wider financial system. The control measures set out in Appendices 1 to 5 serve as a guide for sound practices in defined areas. Financial institutions should be prepared to explain the risk management practices that depart from the control measures outlined in the Appendices and to demonstrate their effectiveness in addressing the technology risk exposure.
A financial institution must ensure that the technology risk management framework is an integral part of its enterprise risk management framework. The technology risk management framework must include the following:
- Clear definition of technology risk
- Clear assignment of responsibilities for the management of technology risk at different levels and across functions, with appropriate governance and reporting arrangements
- Identification of technology risks to which the financial institution is exposed, including risks from the adoption of new or emerging technology
- Risk classification of all information assets or systems, based on the "criticality"
- Risk measurement and assessment approaches and methodologies
- Risk control and mitigation
- Continuous monitoring to timely detect and address any material risks
Related Link: Policy Document (PDF)
Effective Date: January 01, 2020
Keywords: Asia Pacific, Malaysia, Banking, Insurance, Technology Risk, Governance, Operational Risk, Proportionality, BNM
Previous ArticleECB Publishes Results of Comprehensive Assessment for Nordea Bank
BoE published a statistical notice (Notice 2020/9) explaining the approach for treatment of payment holidays on the profit and loss return or Form PL.
BoE updated the known issues document for the statistical reporting Forms AS and FV.
FED announced individual capital requirements for 34 large banks and these requirements go into effect on October 01, 2020.
SRB published a set of documents to give operational guidance to banks on implementation of the bail-in tool.
BIS published an update on the G20 TechSprint Initiative, which was launched in April 2020 and aims to highlight the potential for technologies to resolve regulatory compliance (regtech) and supervisory (suptech) challenges.
OSFI published a letter that provides an update on the milestones for the implementation of the IFRS 17 standard on insurance contracts.
EBA updated the report on the implementation of selected COVID-19 policies.
The Financial Stability Institute (FSI) of BIS published a brief note that examines the supervisory challenges associated with certain temporary regulatory relief measures introduced by BCBS and prudential authorities in response to the COVID-19 pandemic.
BCBS is consulting on the principles for operational resilience and the revisions to the principles for sound management of operational risk for banks.
BoE updated the reporting template for Form ER as well as the Form ER definitions, which contain guidance on the methodology to be used in calculating annualized interest rates.