BSP Issues Rules for banksa[euro][TM] IT Risk Management

Article excerpt

The Bangko Sentral ng Pilipinas has issued the guidelines for the Information Technology or IT risk management of the banking system to manage and control their IT exposures.

BSP Governor Amando M. Tetangco Jr. said the Monetary Board approved the issuance of a circular on IT risk management. "Thru that issuance, the BSP communicates its expectation to banks to have an IT risk management process that can effectively identify, measure, monitor and control their technology risk exposure," he said.

The new circular contains standards consistent with internationally accepted best practices for the technology-related risk management process. As such, it allows bank management greater latitude in the design of the process that is adequate and effective relative to the complexity and sophistication of the bankas operations.

The BSP identified these risks to ensure common understanding between the BSP and the regulated banks. Technology related risks include operational risk, strategic risk, reputation risk, and compliance risk.

Tetangco explained that the new rule involves of the board of a bank and senior management in the technology risk management process. "Their responsibilities with respect to project implementation should be well understood, whether project implementation is undertaken using in-house resources, or through outsourcing and external alliances," he said. …