top of page


Bank Negara Malaysia (“BNM”) requires all the financial industries that registered with BNM to fulfil the guidelines of Risk Management in Technology (RMiT). RMiT is an industry practice that companies can proactively manage and monitor *technology-related risks in their businesses. The RMiT framework is a total solution that addresses three pillars:

  • Culture

  • Technology

  • Process

What are the policy requirements?

There are a few requirements that BNM has listed out for the financial industries to view which are :

  1. Responsibilities of the Board of Directors and Senior Management under the governance

  2. Technology Risk Management

  3. Technology Operations Management

  4. Cybersecurity Management

  5. Technology Audit

  6. Internal Awareness and Training

Who does this apply to?

A licensed person under the Financial Services Act 2013 (‘FSA’) and the Islamic Financial Services Act 2013 (‘IFSA’), excluding branches of a foreign professional reinsurer and a professional retakaful operator.

  • Licensed Bank

  • Licensed Investment Banks

  • Licensed Islamic Banks

  • Licensed Insurers including Professional Reinsurers Licensed Takaful Operators including Professional Retakaful Operators

  • Prescribed Development Financial Institutions

  • Approved Issuer of Electronic Money

  • Operator of a Designated Payment System

This policy document sets out the Bank’s requirements with regard to financial institutions’ management of technology risk. In complying with these requirements, a financial institution shall have regard to the size and complexity of its operations. Accordingly, larger and more complex financial institutions are expected to demonstrate risk management practices and controls that are commensurate with the increased technology risk exposure of the institution.

Leveraging on GemRain’s strong experience and expertise in RMiT for training, there is a new service solution available for the financial industries such as banks and insurance companies to fulfil BNM’s RMiT requirement.

*technology-related risks

Technology risk refers to risks emanating from the use of information technology (IT) and the Internet. These risks arise from failures or breaches of IT systems, applications, platforms or infrastructure, which could result in financial loss, disruptions in financial services or operations, or reputational harm to a financial institution.


bottom of page