It is good to see that the State Bank regularly monitors the operational side of banks and provides the necessary guidelines when needed. In order to minimise the technology risks, it issued on 30th May, 2017 Enterprise Technology Governance and Risk Management Framework for Financial Institutions (FIs) to upgrade their systems, controls and procedures to ensure compliance in accordance with the new framework by 30th June, 2018. Senior management of FIs will monitor the implementation of this framework on an ongoing basis and the board of directors will review the implementation process on a quarterly basis. According to an SBP circular, the role of technology and automation in the banking/financial services is becoming increasingly complex and a growing number of FIs are leveraging technology to offer innovative products, efficient services and venture into new business models. Such a technology usage and dependence, if not properly managed, may heighten risks. The new framework has been developed to provide baseline technology governance and risk management principles to FIs. It was further elaborated that the new framework has been developed after extensive consultations with the stakeholders and is based on principles of international standards and best practices for technology governance and risk management including cyber security.
As is evident, the new framework on technology governance and risk management has been designed by the State Bank with the noble objective of persuading FIs to keep a watchful eye on the development of modern products and minimise the risks associated with them without hurting their innovative spirits. Such instructions are necessary in view of the recent intense competition between FIs to attract clients through new offerings based on up-to-date technology. Banks have also been pushed to follow this route by the SBP's advice to adopt branchless banking and e-banking to encourage its strategy for financial inclusion. However, it goes to the credit of the central bank that while trying to encourage the proactive environment in FIs to various aspects of the information technology, including operations and security, it has not shied away from protecting the sound banking principles. This will boost the stakeholders' confidence and encourage the use of technology and innovation in the financial system on a long-term basis. Another good thing is that the new "framework is not one-size-fits-all and implementation of the same will be risk-based and commensurate with size, nature and types of products and services and complexity of IT operations of the individual FI." In this connection, FIs are expected to exercise sound judgement to determine the applicable provisions relevant to their technology risk profile. Phased implementation of the framework would also make it easy for FIs to adopt a step-wise approach and the involvement of both the senior management and the board in the process would ensure more rationale and sound decisions on individual products. In a modern world, no country could afford to avoid the use of new technology and processes but could at least try to minimise their adverse effects and that is what the State Bank has tried to do through the new framework.