SBP Tables New Draft Framework To Revamp IT Governance And Risk Management

The State Bank of Pakistan (SBP) has released a Framework draft for the financial institutions to manage risks and explore strategies associated with the use of latest technology. The draft, issued earlier this week, urges a maintenance of standards that matches international standards for IT governance.

The SBP also confirmed that the framework is compliant with quality standards set by the international community for technology governance and risk management in financial institutions. Moreover, it will serve as SBP’s baseline requirement for all financial institutions in the country. Furthermore, the new framework proposes reforms in IT strategy, organizational structures, roles of the board members and management staff and IT policy framework.

In an official statement released by the authority, it says:

“It aims to provide enabling regulatory environment for managing risks associated with use of technology.”

The proposed framework will cover all financial institutions: Commercial banks (public and private), Islamic banks, Development Finance Institutions (DFIs) and Microfinance banks (MFBs). Different kinds of institutions have different kinds of need for technology; therefore, the implementation model will be different for each one.

According to SBP, implementation of the new framework will be risk-based; moreover, it will commensurate with size, nature and types of products and services and scope of IT operations of the individual financial institution.

The SBP aims to create proactive and productive environments for financial institutions to improve IT operations, security, audit and management while complying with the new regulations. As per the SBP guidelines, financial institutions are required to evaluate and conduct a gap analysis between the existing and the proposed guidelines and set a time-bound action plan to bridge the gaps and comply with the guidelines.

The SBP encouraged interested firms and institutions/individuals from the financial sector, IT industry, academia and other concerned stakeholders to analyze the proposed draft framework and provide suggestions for its improvement.

The draft framework is open for comments and suggestions from interested stakeholders till March 31, 2017. Feedback can be submitted via email to

Click to comment

Leave a Reply

Your email address will not be published.

To Top