
POLICY GUIDANCE ON RISK MANAGEMENT IN TECHNOLOGY (RMIT)

Bank Negara Malaysia (“BNM”) requires all financial institutions registered with BNM to fulfil its guidelines on Risk Management in Technology (RMiT). RMiT is an industry practice through which companies can proactively manage and monitor *technology-related risks in their businesses. The RMiT framework is a total solution that addresses three pillars:

  • Culture

  • Technology

  • Process

What are the policy requirements?


BNM has listed the following requirements for the financial industry:


  1. Responsibilities of the Board of Directors and Senior Management under governance

  2. Technology Risk Management

  3. Technology Operations Management

  4. Cybersecurity Management

  5. Technology Audit

  6. Internal Awareness and Training


Who does this apply to?


A licensed person under the Financial Services Act 2013 (‘FSA’) and the Islamic Financial Services Act 2013 (‘IFSA’), excluding branches of a foreign professional reinsurer and a professional retakaful operator.


  • Licensed Banks

  • Licensed Investment Banks

  • Licensed Islamic Banks

  • Licensed Insurers including Professional Reinsurers

  • Licensed Takaful Operators including Professional Retakaful Operators

  • Prescribed Development Financial Institutions

  • Approved Issuer of Electronic Money

  • Operator of a Designated Payment System


This policy document sets out the Bank’s requirements with regard to financial institutions’ management of technology risk. In complying with these requirements, a financial institution shall have regard to the size and complexity of its operations. Accordingly, larger and more complex financial institutions are expected to demonstrate risk management practices and controls that are commensurate with the increased technology risk exposure of the institution.


Drawing on GemRain’s strong experience and expertise in RMiT training, a new service solution is available for financial institutions such as banks and insurance companies to fulfil BNM’s RMiT requirements.





*technology-related risks

Technology risk refers to risks emanating from the use of information technology (IT) and the Internet. These risks arise from failures or breaches of IT systems, applications, platforms or infrastructure, which could result in financial loss, disruptions in financial services or operations, or reputational harm to a financial institution.
