As per Section (7, 8, & 9) of the RMA Act 2010, objectives of the Royal Monetary Authority are to:

  1. Formulate and implement monetary policy with a view to achieving and maintaining price stability;
  2. Formulate and apply financial regulations and prudential guidelines to ensure the stability and integrity of the financial system, as empowered by this Act or by any other Act;
  3. Promote an efficient financial system comparable to international best practices;
  4. Promote, supervise and, if necessary, operate national and international payment and settlement system including electronic transfer of funds by financial institutions, other entities and individuals;
  5. Promote sound practices and good governance in the financial services industry to protect it against systemic risk; and
  6. Promote macro-economic stability and economic growth in Bhutan.

In pursuance of its objectives, the functions of the Royal Monetary Authority are to:

  1. Issue currency;
  2. Act as banker, adviser and financial agent to the Royal Government;
  3. Make regulations covering any payment and settlement system or a component thereof including electronic transfer of funds;
  4. Act as banker to the banks;
  5. Manage gold, foreign exchange and other international reserves of Bhutan;
  6. Make foreign exchange regulations;
  7. Issue licenses to financial institutions to carry on financial services; and
  8. Make regulations for the better carrying-out of the purposes and provisions of this Act, and any other Act administered by the Authority.

Policy Statement

The Royal Monetary Authority of Bhutan (RMA) aims to achieve the Information Security vision by implementing an Information Security Management System (ISMS).

Information is an important business asset of significant value to the company and needs to be protected from threats that could potentially disrupt its Confidentiality, Integrity and Availability. Information and information processing resources of RMA shall be maintained in a manner that ensures information access on a need-to-know and need-to-access basis and protects it from unauthorized or improper use.

This is intended to be achieved by continually improving our performance, systems, processes and information security.

Policy Objectives

The objective of this policy is to ensure that:

  1. Confidentiality of information is assured
  2. Integrity of information is maintained
  3. Availability of Information is assured by addressing proper Redundancies / Failovers and Information Security requirements
  4. Threat analysis and risk evaluation will be carried out on a continual basis
  5. Regulatory, legislative and contractual requirements are met
  6. Information Security is integral to the processes and work-flows
  7. Information Security training is imparted to all the staff members
  8. Security Policy violations and security weaknesses or threats are reported and investigated in a timely manner
  9. Policies, Procedures and other related documents will be developed, established, maintained and reviewed.

Policies and Procedures based on the ISO/IEC 27001:2013 framework are implemented to achieve the above objectives.

The Management and Information Security Steering Committee (ISSC) are accountable for ensuring that ISMS policies and procedures are implemented, maintained and adhered to by the employees.

All Department Heads including the Line Managers shall be directly responsible for implementing the Policy within their respective processes, and for adherence by their team members.

It shall be the responsibility of every staff member to adhere to this Policy.