The State Bank of Pakistan (SBP) has issued a draft framework on IT governance and risk management, which will work as instructions for banks and other financial institutions.
Based on international standards and known principles of international practice, the framework which has been issued will be helpful for technology governance and risk management, and shall help as SBP’s base-line requirement for all Financial Services Institutions (FSI), including commercial banks (public and private sector banks), Islamic banks, Development Finance Institutions (DFIs), and Microfinance Banks.
“It aims to provide enabling regulatory environment for managing risks associated with use of technology. The framework is not one-size- fits-all and the implementation of the same will be risk-based. And commensurate with size, nature and types of products and services and complexity of IT operations of the individual financial institutions.”
The instructions are focused on upgrading the proactive and reactive environments in FIs to different facets and dimensions of the information technology, security, operations, audit and related domains. And to create overall safe and secure technology operations in FIs which will assist and augment the confidence of all the stakeholders.
FIs will be helpful in assessing and conducting gap analysis between their present status and the guidelines. And draw a time-bound action plan to address the loopholes and comply with the guidelines.
Interested parties, institutions or individuals, from banking sector, IT industry, academia and other stakeholders are welcomed by SBP to review the draft framework.