SBP has issued draft Framework on IT Governance in banks


The State Bank of Pakistan (SBP) has issued draft Framework on IT Governance and Risk Management for Financial Institutions for comments/feedback from interested parties.

The framework is based on international standards and recognised principles of international practice for technology governance and risk management, and shall serve as SBP’s baseline requirement for all Financial Institutions (FIs). It aims to provide an enabling regulatory environment for managing risks associated with the use of technology.

The framework will apply to all FIs which includes commercial banks (public and private sector banks), Islamic banks, Development Finance Institutions (DFIs), and Microfinance Banks (MFBs). The framework is not “one-size-fits-all” and the implementation of the same shall be risk-based and commensurate with size, nature and types of products and services and complexity of IT operations of the individual FIs.

The instructions are focused on enhancing the proactive and reactive environments in FIs to various facets and dimensions of the information technology, security, operations, audit and related domains and to create overall safe and secure technology operations in FIs which will benefit and enhance the confidence of all the stakeholders. The FIs are expected to assess and conduct a gap analysis between their current status and the guidelines and draw a time-bound action plan to address the gaps and comply with the guidelines.

SBP invites the interested parties, institutions or individuals, from banking sector, IT industry, academia and other stakeholders to review the proposed draft framework and provide comments/feedback, if any, at the following email address: [email protected]

The draft framework is open for comments/feedback from interested parties till March 31, 2017

Comments are closed, but trackbacks and pingbacks are open.