Addressing BNM’s Cloud & Data Risk Management in Technology (RMiT) in Malaysia
Thales helps financial institutions in Malaysia address risks from adopting cloud and other technological innovations.
The financial industry in Malaysia geared up for change after the Bank Negara Malaysia (BNM) released a Risk Management in Technology (RMiT) Policy for Financial Institutions in 2020. RMiT highlights the need to provide and enable a secure framework for technological innovation, as the country and businesses operating in Malaysia shift toward digitization. BNM issued an updated Policy Document on RMiT on 1 June 2023 to preserve public confidence in the financial system.
As the leader in digital security and identity, Thales helps financial institutions comply with Cloud and Data Risk Management in Technology (RMiT) by addressing 6 policy category domains.
Regulation Overview
Bank Negara Malaysia (BNM)’s Risk Management in Technology (RMiT) policy intended to formalize the risk management programs used when adopting cloud and other technological innovations in Malaysian financial institutions (FIs).
BNM issued an updated new Policy Document (PD) on Risk Management in Technology on 1 June 2023. All financial institutions shall implement robust risk management controls above the minimum regulatory standards to deliver efficient financial services securely and prevent the exploitation of weak links in interconnected networks and systems with robust cyber fortification to preserve public confidence in the financial system.
The key updates to the RMiT PD include:
BNM’s RMiT policy document was come into effect on January 1, 2020. The updated PD is released and effective on 1 June 2023 and supersedes the previous policy document on 1 January 2020 except for paragraphs 10.49, 10.50, 10.51 and 10.52 which will remain applicable until 31 May 2024.
As the leader in digital security and identity, Thales can help organizations address and comply with respective mandates of BNM’s RMiT policy with our integrations with Cloud Service Providers, such as Microsoft Azure, Amazon Web Services (AWS); Google Cloud Platform (GCP), and more.
Our solutions support the RMiT policy categories under the following domains:
System Development and Acquisition:
Cryptography:
Data Centre Operations:
Cloud Services:
Access Control:
Key Risks and Control Measures for Cloud Services: CipherTrust Data Security Platform, CipherTrust Tokenization solutions, CipherTrust Transparent Encryption, CipherTrust Key Management, CipherTrust Cloud Key Management and HSM.
The financial industry in Malaysia geared up for change after the Bank Negara Malaysia (BNM) released a Risk Management in Technology (RMiT) Policy for Financial Institutions in 2020. RMiT highlights the need to provide and enable a secure framework for technological...
This eBook illustrates how a financial institution addresses advisory from the Monetary Authority of Singapore with Thales Data Security Solutions, it covers the following requirements:What is the Advisory on Addressing the Technology and Cyber Security Risks Associated with...
This framework is a crucial addition to SEBI's existing guidelines on cloud computing and is designed to help REs implement secure and compliant cloud adoption practices.
This paper describes security best practices for protecting sensitive data in the public cloud, and explains concepts such as BYOK, HYOK, Bring Your Own Encryption (BYOE), key brokering and Root of Trust (RoT). It explains the level of data protection that can be achieved by...
Perhaps the most comprehensive data privacy standard to date, GDPR affects any organization that processes the personal data of EU citizens - regardless of where the organization is headquartered.
Any organization that plays a role in processing credit and debit card payments must comply with the strict PCI DSS compliance requirements for the processing, storage and transmission of account data.
Data breach notification requirements following loss of personal information have been enacted by nations around the globe. They vary by jurisdiction but almost universally include a “safe harbor” clause.