Thailand Office of Insurance Commission held an online briefing with the insurance industry on IT supervision and cyber threats and announced a new supervisory policy package that will take effect in 2026 (B.E. 2569). The direction is based on findings from the IT and Cyber Risk Assessment Framework (IT&CRAF) and IT audit reports, which the OIC used to frame areas where firms show strengths and weaknesses and where readiness needs to improve. The package centres on three measures: revising IT governance and technology risk management supervisory criteria to reflect current conditions and heightened cyber threat complexity, strengthening data governance expectations to improve data accuracy, reliability and security and to support transparent and auditable data use, and incorporating IT&CRAF results and IT audit reports into the Early Warning System. The expanded Early Warning System will move beyond financial stability analysis to also monitor insurers’ capability to manage IT risks. In parallel, the OIC said it has prepared draft guidance for insurers on applying artificial intelligence, emphasising transparency, fairness and security, and is pushing for greater digital data disclosure by insurance businesses.
Thailand Office of Insurance Commission 2025-09-22
Thailand Office of Insurance Commission announces 2026 reforms to insurers’ IT and cybersecurity supervision including IT assessments in the early warning system
The Thailand Office of Insurance Commission announced a new supervisory policy package effective in 2026, focusing on IT governance, technology risk management, and data governance to address cyber threats. It incorporates findings from the IT and Cyber Risk Assessment Framework and IT audit reports into an expanded Early Warning System to monitor insurers' IT risk management capabilities. Additionally, draft guidance on artificial intelligence application and enhanced digital data disclosure for insurers were discussed.