Information Technology Risk Supervision

Information Technology Risk Supervision

The Bank of Thailand (BOT) places great importance on supervising information technology (IT) risk among service providers involved in payment systems, including payment system providers, payment system business providers, and payment service business providers. BOT aims to ensure that these entities can effectively manage IT risks with adequate safeguards, maintain security, and respond promptly to cyber threats. This approach is intended to help maintain the stability and resilience of the country’s payment systems, ensuring that the public can continue to use these services without interruption.

Financial technology has advanced rapidly, offering a wide range of financial services.

The volume and value of transactions conducted through mobile applications have increased significantly, and payment systems have experienced exponential growth over the past two to three years. IT now plays a critical role in business operations, serving as an essential infrastructure that enhances efficiency, reduces operational costs, and improves access to financial services. Therefore, IT risks require robust and effective supervision to foster public confidence in the convenience, safety, and stability of payment services.

Financial Security in IT aspect

BOT prioritizes IT risk management

including strengthening IT security controls for payment system-related service providers to keep pace with evolving risks and changing business practices through various processes and tools.

Regulations

Regulations

Notification, policy, guideline and self-assessment form
IT Audit

Auditing

Evaluating the quality of IT governance and operations
Governance

การกำกับดูแล

Significant IT changes related to payment services, such as monitoring significant irregular activities that could affect the payment system, together with the launch of new products

Moreover, monitoring significant irregular activities that could affect the service provision or overall business operations of providers, causing enterprise-wide impact or widespread impact on the payment system to ensure that payment system-related service providers (e-Payment) uphold IT and cyber risk management standards that are on par with international benchmarks and are prepared to support the future growth in transaction volume and diverse financial services.

Supervision is grounded in three fundamental principles

These principles are intended to encourage payment system-related service providers to prioritize IT risk management and to manage risks appropriately in accordance with the organization's risk level.

ดูแลและบริหารจัดการความเสี่ยงด้าน IT

IT risk management

1. Manage and oversee IT risk for payment system-related service providers and external parties who use, connect to, or access critical information systems (third parties) of payment system-related service providers efficiently and securely.

IT risk supervision

IT risk supervision

2. Supervise IT risk in alignment with the nature of business operations, transaction volumes, technological complexity, and related risks, such as operational risk, strategic risk, reputational risk, and legal risk. Emphasis is placed on IT risk supervision as an integral part of the institution’s overall enterprise risk management (ERM).
Three Lines of Defense Structure

Three Lines of Defense Structure

3. Establish an overall governance structure that supports appropriate IT risk management in accordance with the three lines of defense approach, ensuring clear separation of responsibilities at all levels.

 In B.E. 2564 (2021), BOT also raised the standards for IT and cyber risk management for payment system-related service providers to meet international benchmarks.

This was done by issuing IT risk management measures and minimum cyber hygiene practices for payment system-related service providers to implement.

Financial Security in IT aspect

Our use of cookies

The Bank of Thailand (BOT) uses necessary cookies to make our site work. The BOT would also like to use some non-essential cookies (namely Functionality cookies, Statistic for Performance and Marketing cookies) to help us improve the site. By clicking “Accept recommended cookies” on the banner, you accept our use of optional cookies. For more information on how these cookies work, please read our Cookie policy.

Necessary
cookies		Non-essential
cookies

Option

YesYes
YesNo

 

Strictly necessary cookies

These cookies enable core functionality and services of the BOT’s website so that you can navigate around any sections of the website securely and efficiently.

Functionality and Analytics cookies

These cookies enable the BOT’s website to recognize your preference setting, and also deliver additional functionality and contents in conformity with personalization. These also allow us to observe how you interact with the BOT’s website, and to conduct data analytics for performance enhancement including service appearance of the website.

Latest search :

Popular Keyword :

EXCHANGE RATE popular keyword:EXCHANGE RATE #Monetary Policy Committee Decision #Banking Sector Quarterly Brief