The Securities Commission Malaysia, the country’s financial regulator, has introduced new technology risk management guidelines in an effort to bolster best practices in its capital markets, as more and more individuals rely on tech-based solutions. 

Under the new Guidelines on Technology Risk Management, published last week, all licensed, registered, approved, recognized and authorized capital market entities will be required to establish, as well as, implement an effective technology risk framework. 

“Expectations are that capital market entities,” it states, “will embrace these guidelines to bolster their technology risk management capabilities effectively.”

Under the technology risk management framework, corporations are tasked to ensure that its board, senior management, employees and agents “attend cybersecurity awareness training programmes at least annually”.  The technology risk management framework must also be reviewed and updated periodically.

Capital market entities are also required to establish a technology audit plan that provides appropriate coverage of critical technology. The audit must also be carried out regularly to ensure that it is in compliance with applicable laws and other relevant regulatory and industry guidelines.

The same guidelines also detail capital market entities’ technology project, technology service provider and cyber security management requirements.

The new guidelines were published a year after the regulator took into account feedback provided by relevant stakeholders and after it published its public consultation paper on the proposed guidelines last year. The new rules are expected to come into effect in the third quarter of 2024.