Page 62 - SC Annual Report 2018 (ENG)
P. 62

Securities
                   Commission
                    Malaysia
                  ANNUAL
                   REPORT
                   2018





                        In addition to improving efficiency, the risk   Within the SC, periodic reviews were carried out
                        surveillance indicators will provide an overall view on   on the state of preparedness of key functions in
                        key risk areas, enabling early detection of risk build up   managing incidents from external developments.
                        and the consideration of appropriate interventions.  In 2018, internal incident management procedures
                                                                        were reviewed and tested based on several
                                                                        scenarios. The scenario testing showed that the
                        Augmenting business continuity                  SC is able to manage and respond to incidents
                        capabilities                                    to ensure orderly functioning of the capital
                                                                        market. Additionally, departments in the SC have
                        Efforts in ensuring overall systemic resilience in   in place their own dedicated business continuity
                        the capital market were complemented by a focus   plans which were also tested through desktop
                        group consultation on the proposed framework    simulations.
                        on Business Continuity (Business Continuity
                        Framework). 75 responses were received from a
                        cross-section of capital market intermediaries and   Strengthening cyber risk management
                        market participants. Feedback was encouraging,
                        constructive and provided additional input for   The SC is committed to put in place effective and
                        refinement of the framework.                    efficient cyber resilience practices given the
                                                                        increased use and dependence on data and
                        The proposed Business Continuity Framework      electronic communications, greater complexity of
                        aims to set out six broad principles articulating   technologies in the financial markets and evolving
                        the SC’s expectation for market institutions and   cyber threats from a variety of sources.
                        intermediaries. The framework is expected to be
                        issued in 2019. (Diagram 9)



                        Diagram 9
                        Principles embedded in the Business continuity Framework

                                                     Business Continuity Framework

                          Principle  1    Principle  2    Principle  3    Principle  4    PrINCIPLE  5    Principle  6

                          Board and
                            senior          Major          Recovery
                         management       operational   objectives and                    Testing and   Maintenance
                         responsibility   disruptions     strategies   communication       training      and review

                          Endorsement     Risks of major    Recovery     Comprehensive     Conducted       Business
                          and approval     operational    objectives and   escalation    annually to ensure   continuity
                          of an effective   disruptions,    strategies are   procedures and   effectiveness   arrangements
                         framework that is   including     developed     communication    and relevance by   are maintained
                         proportionate to   interdependency    according to    plans are    incorporating   and regularly
                         the nature, scale   and concentration   risk-based    established and   evolving market   reviewed. Updates
                        and complexity of   risks are identified    principles.  embedded in the   practices, changes   or changes are
                            business     by the entities.               business continuity   in key personnel    acknowledged,
                           operations.                                   framework to    and any regulatory   approved and
                                                                          address any       updates.      endorsed by
                                                                          reputational                   board members
                                                                         risk from major                  and senior
                                                                          operational                    management.
                                                                          disruptions.




                   52  |  PART 2 »» SHAPING MARKET CONDUCT





              NEW_36-59.indd   52                                                                                        2/21/19   9:27 AM
   57   58   59   60   61   62   63   64   65   66   67