SC’s Guidelines on Technology Risk Management Take Effect Today

Kuala Lumpur, 19 August 2024

The Securities Commission Malaysia’s (SC) revised Guidelines on Technology Risk Management (Guidelines) have come into effect on 19 August 2024. The Guidelines supersede the Guidelines on Management of Cyber Risk (GMCR).[1]

The Guidelines were initially released in August 2023 for capital market entities to be familiar with risk management practices, which now expand beyond cyber security to include technology risks, among others.

The revised Guidelines emphasise the significance of strengthening operational reliability, security and resilience against technology disruptions. The Guidelines also set out the SC’s expectations on risk management practices to be adopted by industry.

The key areas covered include the ‘change management’ process, third-party service providers, reporting requirements, technology audit, and board oversight and accountability over technology risks.

The CrowdStrike outage highlights the vulnerability of our digital infrastructure and the widespread impact such incidents can have on organisations. It also emphasises the importance of regulations like the Guidelines in strengthening operational resilience practices.

In light of this incident, it is imperative that all capital market entities recognise the importance of observing the Guidelines. This not only protects against immediate technology risks, but also builds a resilient, secure, and ethical technological landscape for the future.

This initiative underscores the SC’s ongoing efforts to strengthen Malaysia’s capital market and investor confidence.

The SC has updated various related guidelines today following the implementation of the Guidelines. The SC has also made available a list of updated Frequently Asked Questions (FAQs) on the Guidelines to provide further clarity to capital market entities.

The revised Guidelines are available at https://www.sc.com.my/regulation/guidelines/technology-risk.


  1. All other SC guidelines that reference the GMCR will now be referred to the Guidelines instead.
  2. Capital market entities as defined in the Guidelines.
  3. Related SC guidelines include Guidelines on Recognized Markets, Guidelines on Compliance Function of Fund Management Companies, Guidelines on Digital Assets, Guidelines on Financial Market Infrastructures, Guidelines on Electronic Contract Notes and the Guiding Principles on Business Continuity.

Securities Commission Malaysia

About the SC
The Securities Commission Malaysia (SC) was established on 1 March 1993 under the Securities Commission Act 1993 (SCA). We are a self-funded statutory body entrusted with the responsibility to regulate and develop the Malaysian capital market.
