20 December 2018
On 4 September 2018, Bank Negara Malaysia (“BNM”) issued an exposure draft of the Risk Management in Technology policy document (“RMiT Exposure Draft”) which sets out the BNM’s expectations with regard to financial institutions’ technology risk management framework and practices proportionate to the size and complexity of the financial institutions.
The RMiT Exposure Draft seeks to introduce minimum standards on technology risk and cyber security management by financial institutions in Malaysia and comes into effect on 1 June 2019.
The standards set out in the RMiT Exposure Draft will apply to licensed banks, licensed insurers, licensed takaful operators, prescribed development financial institutions, operators of a designated payment system and eligible issuers of e-money.
It sets out, among other things, board and senior management responsibilities, the requirement for a chief information security officer and due diligence requirements on third-party service providers.