Revised Policy Document on Risk Management in Technology (RMiT)
Embargo :29 Nov 2025
<!-- Google tag (gtag.js) --> <script async src="https://www.googletagmanager.com/gtag/js?id=G-QCXBYX5C31"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-QCXBYX5C31'); </script>
Summary
The revised Risk Management in Technology (RMiT) policy document aims to strengthen financial institutions’ management of technology and cyber risks, improve service availability and resilience of financial services, and maintain public trust in the security of the financial system.
This policy document has been updated to include the following:
i. Expand the applicability to include non-bank Merchant Acquirer (MAs) and Intermediary Remittance Institution (IRIs) with more than 5% market share of transaction value or volume;
ii. Enhance financial institutions’ resilience to service disruptions, including the adoption of a customer-centric approach to managing intermittent issues.
iii. Heighten cyber security controls and practices in line with global standards and best practice;
iv. Strengthen the security of digital services through stronger fraud detection, proactive monitoring and customer empowerment;
v. Facilitate the secure adoption of new or advanced technology.
Issuance Date
28 November 2025
Effective Date
28 November 2025 except where otherwise stated explicitly in this policy document.
Issuing Department
Risk Specialist and Technology Supervision
Document
Bank Negara Malaysia
29 November 2025
© Bank Negara Malaysia, 2025. All rights reserved.