The Guidelines also sets out the SC’s expectations on capital market entities when they manage their technology risk.

In formulating the Guidelines, the SC has taken into account feedback received from the Public Consultation Paper on The Proposed Regulatory Framework on Technology Risk Management, which was published last year.

Among the requirements set out in the Guidelines include the establishment and implementation of an effective technology risk framework, technology project management, technology service provider management and cyber security management by capital market entities.

The Guidelines will be applicable to all capital market entities licensed, registered, approved, recognised or authorised by the SC.

To allow sufficient time for capital market entities to familiarise and meet with the requirements of the Guidelines, the Guidelines is expected to come into effect in Q3 2024.

The SC will be engaging with related capital market entities to provide guidance, where required, on the requirements of the Guidelines. Any queries on the new Guidelines may be submitted to This email address is being protected from spambots. You need JavaScript enabled to view it..

The Guidelines are now available on the SC website at https://www.sc.com.my/regulation/guidelines/cyber-risk-and-technology-risk.