Securities Commission Malaysia revises Guidelines on Technology Risk Management, expanding beyond cyber security to include technology risks
27 September 2024
On 19 August 2024, the Securities Commission Malaysia (“SC”) revised the Guidelines on Technology Risk Management (“Guidelines”), which supersedes the Guidelines on Management of Cyber Risk.
The Guidelines, which were initially released in August 2023 to familiarise capital market entities with risk management practices, have been expanded beyond cyber security to include technology risks among other things. The Guidelines emphasise the significance of strengthening operational reliability, security, and resilience against technology disruptions and also set out SC’s expectations on risk management practices to be adopted by the industry.
The key areas covered include “change management” processes, third party service providers, reporting requirements, technology audit, board oversight, and accountability over technology risks.
Further to the implementation of the Guidelines, the following guidelines have also been revised to reflect consequential amendments and ensure alignment of requirements:
- Guidelines on Recognized Markets;
- Guidelines on Compliance Function for Fund Management Companies;
- Guidelines on Digital Assets;
- Guidelines on Financial Market Infrastructures;
- Guidelines on Electronic Contract Notes; and
- Guiding Principles on Business Continuity.