State Bank of Pakistan has issued draft Framework on IT Governance &
Risk Management for Financial
Institutions based on international
standards and recognized principles of
international practice for technology governance and risk management and shall
serve as SBP’s baseline requirement for all Financial Institutions (FIs).
It aims to provide enabling regulatory environment for managing risks associated with use of technology. The framework will apply to all FIs which includes commercial banks (public and private sector banks), Islamic banks, Development Finance Institutions (DFIs), and Microfinance Banks (MFBs).
The framework is not “one-size-fits-all” and implementation of the same shall be risk-based and commensurate with size, nature and types of products and services and complexity of IT operations of the individual FIs. The instructions are focused on enhancing the proactive and reactive environments in FIs to various facets and dimensions of the information technology, security, operations, audit and related domains and to create overall safe and secure technology operations in FIs which will benefit and enhance the confidence of all the stakeholders. The FIs are expected to assess and conduct a gap analysis between their current status and the guidelines and draw a time-bound action plan to address the gaps and comply with the guidelines.
No comments:
Post a Comment