MAC MA Cyber Risk Management


On Dec. 11, MAC MA issued guidelines on cyber risk management.


  • MAC MA issued Guideline on technology and cyber risk management; offers principles and best practices for managing technology and cyber risks in financial institutions.
  • Document dated Dec. 11, 2023, received from MAC MA Dec. 18, summarized Dec. 20.
Key Features
  • Applicable to range of financial institutions including credit institutions, financial companies, cash remittance companies, and asset management companies.
  • Identifies risks including IT system failures, data loss, and operational disruptions.
  • Comprises six domains including risk management framework, governance, IT project management, service operations, cybersecurity, and response and recovery.
  • Emphasizes the establishment of a comprehensive risk management framework, including risk identification, assessment, mitigation, monitoring, review and reporting.
  • Outlines role of board, senior management in risk management, strategy formulation.
  • Encourages consistent IT project management and secure system development practices; focuses on governance for stable and secure IT operations.
  • Underlines the need for strong cyber resilience and effective security controls, and outlines the necessity for plans to respond to disruptions and recover services.
  • Also includes aspects like budget and resource allocation, qualified staffing, third-party management, audit and compliance, IT asset management, and situational awareness.
Effectiveness
  • Authorized institutions are expected to comply with this guideline within 12 months.

Regulators MAC MA
Entity Types B/D; Bank; IA; Ins; Inv Co
Reference Cir 017/B/2023-DSB/AMCM, 12/11/2023
Functions BCS; C-Suite; Cyber; Exams; Financial; Operations; Reporting; Risk; Technology
Countries Macao (SAR)
Category
State
Products Banking; Fund Mgt; Insurance; Securities
Regions AP
Rule Type Final
Rule Date 12/11/2023
Effective Date 12/11/2024
Rule Id 195383
Linked to N/A
Reg. Last Update 12/11/2023
Report Section International

Last substantive update on 12/20/2023