The State Bank of Pakistan has issued an Enterprise Technology Governance and Risk Management Framework for Financial Institutions.
The framework seeks to enable the regulation and management of risk that accompany the usage of technology. The instructions have been released in order to equip the financial institutions in their ability to regulate, monitor various facets with respect to usage of technology; security, operations, audits and other areas. The framework presented is not universal but custom in its application; it is binding upon all commercial banks, Islamic banks, Development Finance Institutions (DFIs) and Micro Finance Banks. The practical implication of the framework will take into account the risk, size, nature and types of products and services and also observing the complexity of the technology employed by the respective Financial Institutions.
SBP directed the financial institutions to exercise the framework with dexterity while determining the provisions applicable to their technology risk profile.
SBP has also advised the Financial Institutions to adopt the framework in gradual phases. Starting with gap analysis to determine the deviation between the current position and new framework, development and updating of the new framework followed by an on-the-ground implementation and finally review and generate feedback for its efficiency and implementation.
SBP has notified the banks to upgrade their systems, controls and procedures in line with new framework by 30th June, 2018