The Securities Commission Malaysia’s (SC) revised Guidelines on Technology Risk Management (Guidelines) have come into effect on 19 August 2024. The Guidelines supersede the Guidelines on Management of Cyber Risk (GMCR)1.
The Guidelines were initially released in August 2023 for capital market entities2 to be familiar with risk management practices, which now expand beyond cyber security to include technology risks, among others.
The revised Guidelines emphasise the significance of strengthening operational reliability, security and resilience against technology disruptions. The Guidelines also set out the SC’s expectations on risk management practices to be adopted by industry.
The key areas covered include ‘change management’ process, third party service providers, reporting requirements, technology audit, board oversight and accountability over technology risks.
The CrowdStrike outage highlights the vulnerability of our digital infrastructure and the widespread impact such incidents can have on organisations. It also emphasises the importance of regulations like the Guidelines in strengthening operational resilience practices.
In light of this incident, it is imperative that all capital market entities recognise the importance of observing the Guidelines. This not only protects against immediate technology risks, but also builds a resilient, secure, and ethical technological landscape for the future.
This initiative underscores the SC’s ongoing efforts to strengthen Malaysia’s capital market and investor confidence.
The SC has updated various related guidelines3 today following the implementation of the Guidelines. The SC has also made available a list of updated Frequently Asked Questions (FAQs) on the Guidelines to provide further clarity to capital market entities.
The revised Guidelines are available at https://www.sc.com.my/regulation/guidelines/cyber-risk-and-technology-risk .
- All other SC guidelines that reference the GMCR will now be referred to the Guidelines instead.
- Capital market entities as defined in the Guidelines.
- Related SC guidelines include Guidelines on Recognized Markets, Guidelines on Compliance Function of Fund Management Companies, Guidelines on Digital Assets, Guidelines on Financial Market Infrastructures, Guidelines on Electronic Contract Notes and the Guiding Principles on Business Continuity.
