The latest exposure draft issued by Malaysian’s Central Bank, Bank Negara Malaysia (BNM), is a reflection of the growing sentiment among financial service regulators in the region that financial institutions need to bolster their cyber defenses to afford its systems and customer data greater protection. The policy document is an exposure draft of the Risk Management in Technology policy document (RMiT Exposure Draft) with the proposal to bring it into force on 1 June 2019. The draft will affect licensed banks, insurers, takaful operators, prescribed development financial institutions, operators of a designated payment system, and eligible issuers of e-money.

Similarly, the Monetary Authority of Singapore (MAS), recently issued a consultation paper on Notice on Cyber Hygiene last 6 September. The paper endeavors to prescribe certain cyber security practices as baseline hygiene standards for cyber security.

BNM’s RMiT Exposure Draft is a move in the same direction. Given the scope and standards of the requirements introduced under the RMiT Exposure Draft, FIs should immediately take the opportunity to review their existing systems, frameworks and processes. This includes revising any existing policies that are similar to the technology risk management framework and cyber resilience framework to ensure that it meets the stipulated requirements. In addition, FIs should begin identifying appropriately qualified candidates for the various offices and positions; given the competition for talent in this space.

Issued last month, BNM’s RMiT Exposure Draft touches on the following areas:

  • The responsibilities of board and senior management
  • Appointment of a Chief Information Security Officer
  • Standardization of data centers
  • Clarity on the use of cloud services
  • Due diligence on third-party service providers before critical technology functions and systems can be outsourced

Read the full client alert here.


Sue Wan Wong is a Partner in the Corporate, Commercial & Securities Practice Group of Wong & Partners, the member firm of Baker & McKenzie International in Malaysia. Her practice includes advising on a suite of financial services regulatory matters, including on establishment of financial service providers, regulatory enquiries, marketing of financial products and financial services compliance. Sue Wan is also a member of the US-ASEAN Business Council (Financial Services Committee) and the Secretary of the FinTech Association of Malaysia.

Brian Chia

Brian Chia is the co-leader of Baker McKenzie's AP Insurance Group. He also heads the Corporate, Commercial & Securities Practice Group of Wong & Partners (Malaysia).


Serene Kan is a senior associate in the Corporate, Commercial & Securities Practice Group of Wong & Partners. She has also advised clients on a range of issues relating to corporate commercial, competition, securities and real property law in Malaysia. Serene’s commercial contracting experience includes advising on contracts in relation to outsourcing, services distribution, technology licenses, marketing, product distribution and manufacturing. Her experience includes working on critical commercial contracts in the context of a strategic alliance, including on joint ventures.