Page 64 - SC Annual Report 2018 (ENG)
P. 64
Securities
Commission
Malaysia
ANNUAL
REPORT
2018
The simulation was structured around multiple scenarios representatives from industry associations to discuss
involving various types of cyber-attacks to assess: cyber related issues via the Cyber Risk Working Group
(CRWG). The CRWG was established to facilitate
• Participants’ internal incident response protocol collaboration and information sharing between
to remediate or resolve the situation; members to enable the industry to collectively
benefit from their respective experiences and raise
• Interaction between capital market entities, the level of cyber security within the capital market.
the SC, NACSA and other law enforcement
agencies with a focus on co-ordination,
information sharing or request for assistance; Greater oversight of Bursa Malaysia’s
and cyber risk management and
outsourcing
• Industry-wide communications, information
sharing, threat monitoring and decision- In 2018, the SC also focused its regulatory
making during cyber-attack. assessment on Bursa Malaysia’s management of
cyber and outsourcing risks in light of its function
The simulation has enabled the capital market as an exchange operator and other key financial
entities to improve protocols for incident market infrastructures that depend significantly on IT
preparedness, response and recovery as well as systems, network infrastructure and connectivity as
allowed the SC to refine industry best practices. well as third-party service providers. The regulatory
assessment was also a follow-up review to gauge
the cyber risk management and compliance
Establishing a centralised cyber security practices of Bursa Malaysia with the SC’s Guidelines
platform for the industry on Management of Cyber Risk.
With organisations increasingly relying on digitised
information and sharing vast amount of data oversight of Federation of Investment
across the globe, financial institutions have become Managers Malaysia
exposed to different forms of cyber-attack.
Oversight of industry self-regulatory organisations
The SC has developed a central platform to enable (SRO) remains a key supervisory focus for the SC. In
capital market entities to swiftly and securely report 2018, supervision of the Federation of Investment
their cyber incidents. The platform was launched on Managers Malaysia (FIMM), a SRO for the unit
5 July 2018 for its pilot users while the remaining trust and PRS industry, focused on enhancing the
capital market entities would be able to access the effectiveness of enforcement to achieve better
system by January 2019. deterrence outcome particularly for more serious
misconducts among unit trust and private retirement
Through this portal, capital market entities will be scheme distributors and consultants.
able to leverage information to enhance situational
awareness and detection capabilities as well as more The case referral framework was further enhanced in
effectively respond to and recover from incidents 2018 with the establishment of a Referral Working
based on the broadcasted threat information. Group within the SC as a central point for referrals
The SC’s engagement with stakeholders continued of serious misconduct cases. The Referral Working
in 2018 with quarterly engagement sessions with Group also covered cases which are not within the
54 | PART 2 »» SHAPING MARKET CONDUCT
NEW_36-59.indd 54 2/21/19 9:27 AM