Page 64 - SC Annual Report 2018 (ENG)
P. 64

Securities
                   Commission
                    Malaysia
                  ANNUAL
                   REPORT
                   2018





                        The simulation was structured around multiple scenarios   representatives from industry associations to discuss
                        involving various types of cyber-attacks to assess:  cyber related issues via the Cyber Risk Working Group
                                                                        (CRWG). The CRWG was established to facilitate
                        •    Participants’ internal incident response protocol   collaboration and information sharing between
                             to remediate or resolve the situation;     members to enable the industry to collectively
                                                                        benefit from their respective experiences and raise
                        •    Interaction between capital market entities,   the level of cyber security within the capital market.
                             the SC, NACSA and other law enforcement
                             agencies with a focus on co-ordination,
                             information sharing or request for assistance;   Greater oversight of Bursa Malaysia’s
                             and                                        cyber risk management and
                                                                        outsourcing
                        •    Industry-wide communications, information
                             sharing, threat monitoring and decision-   In 2018, the SC also focused its regulatory
                             making during cyber-attack.                assessment on Bursa Malaysia’s management of
                                                                        cyber and outsourcing risks in light of its function
                        The simulation has enabled the capital market   as an exchange operator and other key financial
                        entities to improve protocols for incident      market infrastructures that depend significantly on IT
                        preparedness, response and recovery as well as   systems, network infrastructure and connectivity as
                        allowed the SC to refine industry best practices.  well as third-party service providers. The regulatory
                                                                        assessment was also a follow-up review to gauge
                                                                        the cyber risk management and compliance
                        Establishing a centralised cyber security       practices of Bursa Malaysia with the SC’s Guidelines
                        platform for the industry                       on Management of Cyber Risk.


                        With organisations increasingly relying on digitised
                        information and sharing vast amount of data     oversight of Federation of Investment
                        across the globe, financial institutions have become   Managers Malaysia
                        exposed to different forms of cyber-attack.
                                                                        Oversight of industry self-regulatory organisations
                        The SC has developed a central platform to enable    (SRO) remains a key supervisory focus for the SC. In
                        capital market entities to swiftly and securely report   2018, supervision of the Federation of Investment
                        their cyber incidents. The platform was launched on   Managers Malaysia (FIMM), a SRO for the unit
                        5 July 2018 for its pilot users while the remaining   trust and PRS industry, focused on enhancing the
                        capital market entities would be able to access the   effectiveness of enforcement to achieve better
                        system by January 2019.                         deterrence outcome particularly for more serious

                                                                        misconducts among unit trust and private retirement
                        Through this portal, capital market entities will be   scheme distributors and consultants.
                        able to leverage information to enhance situational
                        awareness and detection capabilities as well as more   The case referral framework was further enhanced in
                        effectively respond to and recover from incidents   2018 with the establishment of a Referral Working
                        based on the broadcasted threat information.    Group within the SC as a central point for referrals
                        The SC’s engagement with stakeholders continued   of serious misconduct cases. The Referral Working
                        in 2018 with quarterly engagement sessions with   Group also covered cases which are not within the





                   54  |  PART 2 »» SHAPING MARKET CONDUCT





              NEW_36-59.indd   54                                                                                        2/21/19   9:27 AM
   59   60   61   62   63   64   65   66   67   68   69