Featured Product

    BNM Publishes Policy Document on Risk Management in Technology

    July 18, 2019

    BNM published a policy document that sets out its requirements for the management of technology risk by financial institutions in Malaysia. In line with the proportionality principle, larger and more complex financial institutions are expected to demonstrate risk management practices and controls that are commensurate with the increased technology risk exposure of such institutions. The policy document comes into effect on January 01, 2020.

    All financial institutions shall observe minimum prescribed standards in the policy document to prevent the exploitation of weak links in interconnected networks and systems that may cause detriment to other financial institutions and the wider financial system. The control measures set out in Appendices 1 to 5 serve as a guide for sound practices in defined areas. Financial institutions should be prepared to explain the risk management practices that depart from the control measures outlined in the Appendices and to demonstrate their effectiveness in addressing the technology risk exposure.

    A financial institution must ensure that the technology risk management framework is an integral part of its enterprise risk management framework. The technology risk management framework must include the following:

    • Clear definition of technology risk
    • Clear assignment of responsibilities for the management of technology risk at different levels and across functions, with appropriate governance and reporting arrangements
    • Identification of technology risks to which the financial institution is exposed, including risks from the adoption of new or emerging technology
    • Risk classification of all information assets or systems, based on the "criticality"
    • Risk measurement and assessment approaches and methodologies
    • Risk control and mitigation
    • Continuous monitoring to timely detect and address any material risks


    Related Link: Policy Document (PDF)

    Effective Date: January 01, 2020

    Keywords: Asia Pacific, Malaysia, Banking, Insurance, Technology Risk, Governance, Operational Risk, Proportionality, BNM

    Related Articles

    FINMA Approves Merger of Credit Suisse and UBS

    The Swiss Financial Market Supervisory Authority (FINMA) has approved the takeover of Credit Suisse by UBS.

    March 21, 2023 WebPage Regulatory News

    BOE Sets Out Its Thinking on Regulatory Capital and Climate Risks

    The Bank of England (BOE) published a working paper that aims to understand the climate-related disclosures of UK financial institutions.

    March 13, 2023 WebPage Regulatory News

    OSFI Finalizes on Climate Risk Guideline, Issues Other Updates

    The Office of the Superintendent of Financial Institutions (OSFI) is seeking comments, until May 31, 2023, on the draft guideline on culture and behavior risk, with final guideline expected by the end of 2023.

    March 12, 2023 WebPage Regulatory News

    APRA Assesses Macro-Prudential Policy Settings, Issues Other Updates

    The Australian Prudential Regulation Authority (APRA) published an information paper that assesses its macro-prudential policy settings aimed at promoting stability at a systemic level.

    March 07, 2023 WebPage Regulatory News

    BIS Paper Examines Impact of Greenhouse Gas Emissions on Lending

    BIS issued a paper that investigates the effect of the greenhouse gas, or GHG, emissions of firms on bank loans using bank–firm matched data of Japanese listed firms from 2006 to 2018.

    March 03, 2023 WebPage Regulatory News

    HMT Mulls Alignment of Ring-Fencing and Resolution Regimes for Banks

    The HM Treasury (HMT) is seeking evidence, until May 07, 2023, on practicalities of aligning the ring-fencing and the banking resolution regimes for banks.

    March 02, 2023 WebPage Regulatory News

    MFSA Sets Out Supervisory Priorities, Issues Reporting Updates

    The Malta Financial Services Authority (MFSA) outlined its supervisory priorities for 2023

    March 02, 2023 WebPage Regulatory News

    German Regulators Issue Multiple Reporting Updates for Banks

    Deutsche Bundesbank published the nationally deactivated validation rules for the German Commercial Code (HGB) users on the taxonomy 3.2, which became valid from December 31, 2022

    March 02, 2023 WebPage Regulatory News

    BCBS Report Examines Impact of Basel III Framework for Banks

    The Basel Committee on Banking Supervision (BCBS) published results of the Basel III monitoring exercise based on the June 30, 2022 data.

    February 28, 2023 WebPage Regulatory News

    PRA Consults on Prudential Rules for "Simpler-Regime" Firms

    Among the recent regulatory updates from UK authorities, a key development is the first-phase consultation, from the Prudential Regulation Authority (PRA), on simplifications to the prudential framework that would apply to the simpler-regime firms.

    February 28, 2023 WebPage Regulatory News
    RESULTS 1 - 10 OF 8806