The evolving role of technology and automation
in the banking/financial services sector
is becoming increasingly complex. A growing
number of Banks/DFIs/Microfinance Banks
(hereinafter referred to as Financial Institutions
or FIs) are leveraging technology to offer
innovative products, efficient services
and venture into new business models.
2. As technology becomes an integral part
of the business and operations of FIs, such
technology usage and dependence, if not
properly managed, may heighten technology
risks. With a vision to provide baseline
technology governance and risk management
principles to the FIs, State Bank of Pakistan
has developed a framework on ‘Enterprise
Technology Governance & Risk Management
in Financial Institutions’.
3. This framework shall be integrated with
the FIs' overall enterprise risk management
program to identify, measure, monitor and
control technology risks. The framework
is not "one-size-fits-all" and
its implementation needs to be risk-based
and commensurate with the size, nature and
types of products/services offered and complexity
of technology operations of individual FI.
Further, FIs shall exercise sound judgment
in determining the applicable provisions
relevant to their technology risk profile
while implementing this framework. Senior
management of the FIs shall ensure the implementation
of this framework and Board of Directors
shall review the implementation status on
at least quarterly basis.
4. The FIs may follow a phased approach
towards implementation of the framework
starting with a gap analysis between their
current status and this framework, development/update
of the policy framework, on-the-ground implementation
and compliance reporting. Accordingly, FI(s)
are advised to upgrade their systems, controls
and procedures to ensure compliance with
this framework latest by June 30, 2018.
Please acknowledge receipt.
Encl: Enterprise Technology Governance &
Risk Management Framework for Financial
Institutions
.