Article

Latest Developments in Monetary Authority of Macao (AMCM) Guidelines

Publish date: 11 April 2024

As the modern financial services industry evolves and adopts emerging technologies and new business models amid emerging challenges, the Monetary Authority of Macao (AMCM) has been optimising its supervision of financial technology.

To improve regulatory compliance and security requirements while promoting development, in 2023 the AMCM further enhanced its guidelines on technology and operational risk management, including:

  • Guideline on Risk Management of Electronic Banking (Circular no. 005/B/2023-DSB/AMCM)
  • Guideline on Technology and Cyber Risk Management (Circular no. 017/B/2023-DSB/AMCM)
  • Guideline on Outsourcing (Circular no. 020/B/2023-DSB/AMCM)
  • Industry Guidance on Cloud Outsourcing Controls (Circular no. 021/B/2023-DSB/AMCM).

Authorized Institutions should conduct gap analysis on their existing control points as soon as possible to understand whether there are gaps or non-compliance issues, and complete related remediation measures within 12 months after the new guidelines come into effect. The following are brief introductions to revised control requirements under the new regulations:

1. Guideline on Risk Management of Electronic Banking

The AMCM issued this revised Guideline on 26 June 2023. This Guideline sets forth the key principles and provides guidance for authorized institutions to identify, assess and manage the risks associated with electronic banking from technology and operations perspectives. These revisions enhance the required security measures for financial products and services provided to customers via internet banking, self-service terminals and phone banking channels, and establish a fraud monitoring mechanism to identify, mitigate and reduce the risk of fraud.

2. Guideline on Technology and Cyber Risk Management

The technology and cyber risk landscape of the financial sector has been transforming rapidly, with many financial institutions pursuing digitalisation to enhance operational efficiency and provide better services to customers. To improve authorized institutions’ resilience to technology and cyber risk, the AMCM issued this revised Guideline on 11 December 2023 to replace the Guideline on Cyber Resilience (Circular No. 016/B/2019-DSB/AMCM). The new Guideline includes requirements related to the management of emerging technologies and the improvement of information technology development and operations, providing authorized institutions with a set of technology and cyber risk management principles and best practices.

3. Guideline on Outsourcing

With an increasing number of companies outsourcing their services, business operations, maintenance and business activities or functions to vendor services, associated risks have come to the fore. To ensure that all outsourcing arrangements of authorized institutions, particularly those involving material business activities or functions, are subject to appropriate due diligence, approval and on-going monitoring; the AMCM issued this revised Guideline on 28 December 2023. The Guideline outlines the AMCM’s supervisory approach to outsourcing arrangements by authorized institutions and major prudential issues to be considered when they enter outsourcing arrangements.

4. Industry Guidance on Cloud Outsourcing Controls

With the rise of cloud computing technology, authorized institutions in Macao are increasingly taking initiatives to explore the use of cloud computing services to enhance their operations. Although the adoption of cloud computing services provides advantages such as business agility, scalability and cost savings, it creates corresponding risks. The AMCM issued this Industry Guidance on 28 December 2023. The Industry Guidance outlines the AMCM’s requirements on cloud outsourcing arrangements and major prudential issues to be considered when entering cloud outsourcing arrangements.


How Can Deloitte Help?

We have prepared this overview of the updated technology and operational risk management guidelines, highlighting the key points of the revised requirements. Moreover, we have included information on how Deloitte can assist you in meeting your compliance obligations.

Should you have any inquiries, please do not hesitate to contact us. We look forward to engaging in discussion and addressing your questions.

Latest Developments in Monetary Authority of Macao (AMCM) Guidelines

English Version

Simple Chinese Version

Traditional Chinese Version

Fullwidth SCC. Do not delete! This box/component contains JavaScript that is needed on this page. This message will not be visible when page is activated.

-video-no-top-padding- , -fullwidth-scc-

Did you find this useful?