BNM Publishes Policy Document on Risk Management in Technology
BNM published a policy document that sets out its requirements for the management of technology risk by financial institutions in Malaysia. In line with the proportionality principle, larger and more complex financial institutions are expected to demonstrate risk management practices and controls that are commensurate with the increased technology risk exposure of such institutions. The policy document comes into effect on January 01, 2020.
All financial institutions shall observe minimum prescribed standards in the policy document to prevent the exploitation of weak links in interconnected networks and systems that may cause detriment to other financial institutions and the wider financial system. The control measures set out in Appendices 1 to 5 serve as a guide for sound practices in defined areas. Financial institutions should be prepared to explain the risk management practices that depart from the control measures outlined in the Appendices and to demonstrate their effectiveness in addressing the technology risk exposure.
A financial institution must ensure that the technology risk management framework is an integral part of its enterprise risk management framework. The technology risk management framework must include the following:
- Clear definition of technology risk
- Clear assignment of responsibilities for the management of technology risk at different levels and across functions, with appropriate governance and reporting arrangements
- Identification of technology risks to which the financial institution is exposed, including risks from the adoption of new or emerging technology
- Risk classification of all information assets or systems, based on the "criticality"
- Risk measurement and assessment approaches and methodologies
- Risk control and mitigation
- Continuous monitoring to timely detect and address any material risks
Related Link: Policy Document (PDF)
Effective Date: January 01, 2020
Keywords: Asia Pacific, Malaysia, Banking, Insurance, Technology Risk, Governance, Operational Risk, Proportionality, BNM
Previous ArticleCFTC and JFSA Announce Comparability of Derivatives Trading Venues
FINMA Approves Merger of Credit Suisse and UBS
The Swiss Financial Market Supervisory Authority (FINMA) has approved the takeover of Credit Suisse by UBS.
BOE Sets Out Its Thinking on Regulatory Capital and Climate Risks
The Bank of England (BOE) published a working paper that aims to understand the climate-related disclosures of UK financial institutions.
OSFI Finalizes on Climate Risk Guideline, Issues Other Updates
The Office of the Superintendent of Financial Institutions (OSFI) is seeking comments, until May 31, 2023, on the draft guideline on culture and behavior risk, with final guideline expected by the end of 2023.
APRA Assesses Macro-Prudential Policy Settings, Issues Other Updates
The Australian Prudential Regulation Authority (APRA) published an information paper that assesses its macro-prudential policy settings aimed at promoting stability at a systemic level.
BIS Paper Examines Impact of Greenhouse Gas Emissions on Lending
BIS issued a paper that investigates the effect of the greenhouse gas, or GHG, emissions of firms on bank loans using bank–firm matched data of Japanese listed firms from 2006 to 2018.
HMT Mulls Alignment of Ring-Fencing and Resolution Regimes for Banks
The HM Treasury (HMT) is seeking evidence, until May 07, 2023, on practicalities of aligning the ring-fencing and the banking resolution regimes for banks.
MFSA Sets Out Supervisory Priorities, Issues Reporting Updates
The Malta Financial Services Authority (MFSA) outlined its supervisory priorities for 2023
German Regulators Issue Multiple Reporting Updates for Banks
Deutsche Bundesbank published the nationally deactivated validation rules for the German Commercial Code (HGB) users on the taxonomy 3.2, which became valid from December 31, 2022
BCBS Report Examines Impact of Basel III Framework for Banks
The Basel Committee on Banking Supervision (BCBS) published results of the Basel III monitoring exercise based on the June 30, 2022 data.
PRA Consults on Prudential Rules for "Simpler-Regime" Firms
Among the recent regulatory updates from UK authorities, a key development is the first-phase consultation, from the Prudential Regulation Authority (PRA), on simplifications to the prudential framework that would apply to the simpler-regime firms.