On 1 January, 2020 Bank Negara Malaysia released its Policy Document on Risk Management in Technology (RMiT), a 50-page document that sets out the Central Bank’s requirements with regards to financial institutions’ management of technology risk.
In this age of momentous technological advancement and disruption, coupled with the challenges posed by fintech and digital banks, the ability of traditional banks to transform themselves to remain agile and meet the needs of tech-savvy, connected and informed customers is crucial to their sustainability and survival. The current pandemic has also significantly accelerated customer digital embracement, new ways of working (remotely) and new business models which further heighten the criticalness of pre-planned, preventive and effective technology and cyber risk management by financial institutions.
A financial institution that is able to ride the path of digital transformation (arising from the intersection of cloud computing, big data, Internet of Things, and Artificial Intelligence) stands to gain a strong competitive edge over its peers in the financial industry. Technology today is more than an enabler, it has become a strategy.
- How can financial institution boards manoeuvre and manage the host of new responsibilities required in the RMiT Policy Document?
- In terms of governance, who in the board should be delegated with the responsibility to oversee technology risk?
- Should a specific board committee be established to focus on the management of technology risk and how wide should its coverage be?
- How can the board better understand the financial institution’s technology risk appetite? How should a financial institution’s technology risk appetite be derived and approved?
- How can the board ensure that the financial institution’s Technology Risk Framework is sound and robust, not forgetting the need for cyber resilience at all times?
These are some of the questions that need to be adequately answered for financial institution boards to remain effective.
Who should attend?
- Directors of banks and insurance companies
- Board risk management committees of financial institutions