The RMiT PD came into effect on
1 June 2023 in respect of a licensed digital bank or licensed Islamic digital bank.
The RMiT PD supersedes the policy documents, circulars and guidelines listed in paragraph 7.1 of the RMiT PD. It is important to note that the Policy Document on Risk Management in Technology issued by BNM on 1 January 2020 will be superseded from 1 June 2023
except for paragraphs 10.49, 10.50, 10.51 and 10.52 thereof which will remain applicable until 31 May 2024 in respect of financial institutions described in paragraphs (a) and (b) above.
BNM has also issued a set of revised Frequently Asked Questions on Risk Management Information Technology to assist in the implementation of the revised policy requirements in the RMiT PD. The revised Frequently Asked Questions can be accessed
here.
Comments
The RMiT PD provides, among others, additional guidance and standards for financial institutions in the adoption of cloud services. For example, when conducting the comprehensive risk assessment prior to cloud adoption, financial institutions are required to not only address the risks associated with the location of the cloud infrastructure, but also any potential geo-political risks and legal risks that may impede compliance with any legal or regulatory requirements.
1
As cyberattacks and data security breaches become increasingly common, the enhancements introduced under the RMiT PD are welcomed and will serve to preserve public confidence in the Malaysian financial system.
Alert by Lee Ai Hsian (Partner) of the Banking and Finance Practice of Skrine.