The Guidelines were initially released in August 2023 for capital market entities to be familiar with risk management practices, which now expand beyond cyber security to include technology risks, among others.
The revised Guidelines emphasise the significance of strengthening operational reliability, security and resilience against technology disruptions. The Guidelines also set out the SC’s expectations on risk management practices to be adopted by industry.
The key areas covered include ‘change management’ process, third party service providers, reporting requirements, technology audit, board oversight and accountability over technology risks.
The CrowdStrike outage highlights the vulnerability of our digital infrastructure and the widespread impact such incidents can have on organisations. It also emphasises the importance of regulations like the Guidelines in strengthening operational resilience practices.
In light of this incident, it is imperative that all capital market entities recognise the importance of observing the Guidelines. This not only protects against immediate technology risks, but also builds a resilient, secure, and ethical technological landscape for the future.
This initiative underscores the SC’s ongoing efforts to strengthen Malaysia’s capital market and investor confidence. The SC has updated various related guidelines today following the implementation of the Guidelines. The SC has also made available a list of updated Frequently Asked Questions (FAQs) on the Guidelines to provide further clarity to capital market entities.
The revised Guidelines are available at https://www.sc.com.my/regulation/guidelines/cyber-risk-and-technology-risk .