Embracing the Digital Age

While the SC welcomes digital innovations which are beneficial to the capital market, it is also cognisant of the potential risks associated with the digital space. In particular, increased adoption of digitisation in capital market activities, operations of market intermediaries, market infrastructure, and market-based financing platforms call for vigilant management of cyber security risk to minimise disruption to the capital market, protect investors’ confidential data, and preserve market confidence.

Greater use of data and technology will enable the SC to improve its oversight, surveillance, and analytical capabilities as well as support forward-looking supervision and policymaking. This will also complement the adoption of RegTech within the industry, improving compliance outcomes, strengthening reporting, and better managing key risks for greater overall efficiency.

Enhancing Cyber Resilience

Rapidly evolving cyber security threats present a growing challenge for organisations globally. As part of efforts to promote a strong cyber security culture within capital market entities, the SC had undertaken various programmes to improve cyber hygiene and increase awareness of cyber risks.
  • Capital Market Cyber Simulation 2021
    The SC collaborated with the National Cyber Security Agency and Cyber Security Malaysia to co-ordinate the fourth annual cyber simulation for capital market entities. A total of 101 companies participated in the simulation (an increase of nine from 2020), including those that are technology-dependent and have a high financial impact on the capital market. The primary objective of this exercise was to evaluate the efficiency and weaknesses of the existing cyber security incident response procedures, and the results obtained were subsequently used to evaluate the cyber security resilience of the capital market entities.

    In 2021, tougher scenarios were simulated with a theme of ‘Double Extortion Impacting Capital Market’. This is in line with the SC’s observations on the global threat landscape, where instead of just encrypting files, cyber-criminals employ double extortion ransomware that exfiltrates the data first. For example, where organisations refuse to pay the demanded ransom, their information may be leaked online or sold on the dark web.

    Based on the simulation exercise, the SC’s overall observation was that participants gained more experience and skills in cyber security and incident handling when given tougher scenarios year after year. The simulation met the objective of improving awareness and prompt response to cyber-attacks that broadly threaten the capital market.
  • Threat intelligence
    To inculcate more robust cyber security advisory and communication to the capital market, the SC explored the cyber security pool expertise to obtain globally sourced, enriched, and actionable industry-specific cyber intelligence. The cyber security intelligence experts, being an international trusted hub for cyber intelligence sharing, support the SC in maintaining a robust and dynamic cyber security framework for the Malaysian capital market. In 2021, the SC released a number of advisories to capital market entities via its cyber security portal, the SC Vault7 to ensure that they were informed on effective mitigation and are taking proactive actions against cyber threats.
  • Compliance to Guidelines on Management of Cyber Risk and Cyber Defence Survey
    As part of efforts to strengthen the market’s cyber security resilience, the SC undertook a self-declaration exercise on the compliance status of capital market entities with the SC’s Guidelines on Management of Cyber Risk. Following the self-declaration exercise, the SC conducted a survey on cyber defence assessment which focused on areas of prevention, detection, and timely responses to attacks or threats. From the survey, the SC identified which cyber security efforts required further enhancements in order to effectively mount an agile cyber defence.
  • Monitoring of Market Cyber Incidents
    In 2021, the world witnessed a large scale of security vulnerabilities and cyber-attacks, impacting organisations of all sizes, especially those with limited awareness and capability to defend themselves. Locally, the SC observed higher occurrences of ransomware, data breaches, and phishing compared to 2020. This demonstrated the growing challenges relating to cyber security and privacy protection, which further amplified the necessity for the SC to continuously engage the industry and augment the industry’s response and recovery capabilities.
7 The SC Vault is a cyber-security portal that the SC uses to engage with all capital market entities since it went live in 2018. Apart from advisories, the SC Vault portal is also used by capital market entities to report any cyber related incidents to the SC.

Embracing Supervisory Technology

In line with the SC’s SupTech efforts, data analytic tools were developed to complement its core market surveillance system in the course of analysing trading activities. The data analytics tools are based on a quantitative model to support deep analyses of large and complex trading data and the identification of patterns such as potential trading clusters among market participants. This enabled the SC to achieve greater efficiency in analysing possible market misconducts.

For example, in order to facilitate more efficient oversight and monitoring of increasingly active trading activities in digital assets, the SC deployed in-house data analytics expertise to develop and enhance monitoring dashboards that are fit-for-purpose in providing relevant insights and analyses of voluminous DAX trading data. Additionally, the SC also conducted engagements with the registered DAXs to address any trading concerns and to continue facilitating the development of market participants within the regulated digital assets framework.

The first phase of the SupTech project involved a pilot exercise covering fund investments. Further information on this pilot project is provided in Figure 6.
Related Links
© Copyright Securities Commission Malaysia | Contact UsDisclaimer | The site is best viewed using Internet Explorer 11 and Google Chrome with minimum resolution of 1280x1024
Follow us on:
Ooops!
Generic Popup