KARACHI: The State Bank of Pakistan (SBP) on Tuesday issued
draft framework on IT governance and risk management that will work as
guidelines for banks and other financial institutions.
The framework is based on international standards and recognised
principles of international practice for technology governance and risk
management and will serve as the SBP’s base-line requirement for all financial
institutions.
“It aims to provide enabling regulatory environment for managing
risks associated with use of technology,” said the SBP.
The framework will apply to all financial institutions, which
include commercial banks, Islamic banks, development finance institutions
(DFIs) and microfinance banks. The framework is not one-size- fits-all and the
implementation of the same will be risk-based and commensurate with size,
nature and types of products and services and complexity of IT operations of
the individual financial institutions, said the SBP.
Instructions are focused on enhancing the proactive and reactive
environments in financial institutions to various facets and dimensions of IT,
security, operations, audit and related domains, it said.
Financial institutions are expected to assess and conduct a gap
analysis between their current status and the guidelines and draw a time-bound
action plan to address the gaps and comply with the guidelines.
The SBP invited interested parties and institutions/individuals
from the banking sector, IT industry, academia and other stakeholders to review
the proposed draft framework and provide feedback.
No comments:
Post a Comment