Bank Negara Malaysia's (RMIT) Policy Guideline requires a digital bank to ensure that its Technology Risk Management Framework (TRMF) is an integral part of the digital bank’s Enterprise Risk Management Framework (ERM). The TRMF of a digital bank must include the following:
A digital bank must establish an independent enterprise-wide technology risk management function which is responsible for—
Are the technology systems and platforms of your digital bank secure? Is your digital bank managing its technology risks? How do your digital banking technology platforms and systems compare to industry standards?
Controls form an essential part of managing the use of technology by a digital bank. Yet there is a balance to be achieved between reducing risks and maximizing efficiency. Comparing a new digital bank at the foundation stage with similar established digital banks can help the new digital bank get the optimum benefits from the identified controls. Benchmarking has a proven track record in improving quality and performance.
How can we help?
Technology is the lifeline of digital banks. Our Technology Risk Management Assessment (‘TRMA’) is a structured approach to assessing risks and controls that enables digital banks to assess the adequacy of their control environments.
The TRMA is typically carried out for digital banks to ensure that key technology risks and exposures are given appropriate focus. We will consolidate, refine and build upon our existing understanding of the digital bank's technology and system environment and the relative importance of each major element to the business area. We will then work with the management and the Board of the digital bank to formulate an agreed universe of technology-related risks applicable to the operations of the digital bank. Subsequently, we identify and prioritize significant areas of technology risk exposure on which to focus for the current and subsequent periods. Lastly, we will formulate an assessment of technology risks and controls, and provide practical recommendations to address any major control shortfalls identified by the review.
As part of our assessment, we will benchmark the technology risk management practices of the digital bank against similar digital banks worldwide. Our risk management benchmarking methodology has been developed to:
A digital bank must designate a Chief Information Security Officer (CISO), to be responsible for the technology risk management function of the digital bank. The digital bank must ensure that the CISO has sufficient authority, independence and resources. The terms of reference of the CISO shall—
We provide CISO-As-A-Service (CAAS) and will be responsible for ensuring the digital bank’s information assets and technologies are adequately protected, which includes—implementing the TRMF and CRF;
Our CAAS maximizes the value of your IT investments and information assets with help from our senior qualified resources. We work with digital banks to achieve measurable security enhancements and performance improvements, and to reduce administrative costs.
From assessing a digital bank's risk and designing controls to implementing effective security and technology governance processes, we are here to help you safeguard your information assets.