Bank Negara Malaysia issued a revised Risk Management in Technology (RMiT) policy document to strengthen financial institutions’ management of technology and cyber risks, improve service availability and resilience, and support trust in the security of the financial system. The update expands applicability to include non-bank Merchant Acquirers and Intermediary Remittance Institutions with more than 5% market share of transaction value or volume. It also introduces measures to enhance resilience to service disruptions, including a customer-centric approach to managing intermittent issues, heightens cyber security controls and practices in line with global standards and best practice, strengthens digital service security through stronger fraud detection, proactive monitoring and customer empowerment, and facilitates the secure adoption of new or advanced technology. The revised policy takes effect immediately except where otherwise specified in the document.
Bank Negara Malaysia 2025-11-28
Bank Negara Malaysia revises Risk Management in Technology policy to widen scope to major non-bank payment and remittance firms and tighten cyber and operational resilience expectations
Bank Negara Malaysia updated its Risk Management in Technology policy to enhance financial institutions' management of technology and cyber risks. It now includes non-bank Merchant Acquirers and Intermediary Remittance Institutions with significant market share, introducing measures for service resilience and cybersecurity. The policy aligns with global standards, emphasizing fraud detection, proactive monitoring, and secure technology adoption.