The latest exposure draft issued by Malaysian’s Central Bank, Bank Negara Malaysia (BNM), is a reflection of the growing sentiment among financial service regulators in the region that financial institutions need to bolster their cyber defenses to afford its systems and customer data greater protection. The policy document is an exposure draft of the Risk Management in Technology policy document (RMiT Exposure Draft) with the proposal to bring it into force on 1 June 2019. The draft will affect licensed banks, insurers, takaful operators, prescribed development financial institutions, operators of a designated payment system, and eligible issuers of e-money.
Similarly, the Monetary Authority of Singapore (MAS), recently issued a consultation paper on Notice on Cyber Hygiene last 6 September. The paper endeavors to prescribe certain cyber security practices as baseline hygiene standards for cyber security.
BNM’s RMiT Exposure Draft is a move in the same direction. Given the scope and standards of the requirements introduced under the RMiT Exposure Draft, FIs should immediately take the opportunity to review their existing systems, frameworks and processes. This includes revising any existing policies that are similar to the technology risk management framework and cyber resilience framework to ensure that it meets the stipulated requirements. In addition, FIs should begin identifying appropriately qualified candidates for the various offices and positions; given the competition for talent in this space.
Issued last month, BNM’s RMiT Exposure Draft touches on the following areas:
- The responsibilities of board and senior management
- Appointment of a Chief Information Security Officer
- Standardization of data centers
- Clarity on the use of cloud services
- Due diligence on third-party service providers before critical technology functions and systems can be outsourced
Read the full client alert here.