The Securities Commission Malaysia’s (SC) revised guidelines on Technology Risk Management came into effect on Monday (August 19, 2024).
The guidelines supersede the guidelines on Management of Cyber Risk (GMCR), SC said in a statement on Monday.
The guidelines were initially released in August 2023 so that capital market entities could familiarize themselves with the risk management practices, which now expand beyond cyber security to include technology risks, among others.
The revised guidelines emphasize the significance of strengthening operational reliability, security and resilience against technology disruptions.
The guidelines also set out the SC’s expectations on risk management practices to be adopted by the industry.
The key areas covered include the ‘change management’ process, third-party service providers, reporting requirements, technology audit, and board oversight and accountability over technology risks.
According to the statement, the CrowdStrike outage highlights the vulnerability of Malaysia’s digital infrastructure and the widespread impact such incidents can have on organizations.
It also emphasizes the importance of regulations like the guidelines in strengthening operational resilience practices.
In light of this incident, the SC reckoned that it is imperative that all capital market entities recognize the importance of observing the guidelines.
This not only protects against immediate technology risks, but also builds a resilient, secure, and ethical technological landscape for the future, said the statement.
The SC also said this initiative underscores its ongoing efforts to strengthen Malaysia’s capital market and investor confidence.
The SC updated various related guidelines on Monday following the implementation of the guidelines.