OBJECTIVES
As per Section (7, 8, & 9) of the RMA Act 2010, objectives of the Royal Monetary Authority are to:
-
Formulate and implement monetary policy with a view to achieving and maintaining price stability;
-
Formulate and apply financial regulations and prudential guidelines to ensure the stability and integrity of the financial system, as empowered by this Act or by any other Act;
-
Promote an efficient financial system comparable to international best practices;
-
Promote, supervise and, if necessary, operate national and international payment and settlement system including electronic transfer of funds by financial institutions, other entities and individuals;
-
Promote sound practices and good governance in the financial services industry to protect it against systemic risk; and
-
Promote macro-economic stability and economic growth in Bhutan.
FUNCTIONS
In pursuance of its objectives, the functions of the Royal Monetary Authority are to:
-
Issue currency;
-
Act as banker, adviser and financial agent to the Royal Government;
-
Make regulations covering any payment and settlement system or a component thereof including electronic transfer of funds;
-
Act as banker to the banks;
-
Manage gold, foreign exchange and other international reserves of Bhutan;
-
Make foreign exchange regulations;
-
Issue licenses to financial institutions to carry on financial services; and
-
Make regulations for the better carrying-out of the purposes and provisions of this Act, and any other Act administered by the Authority.
ISMS POLICY AND PROCEDURES
Policy Statement
Royal Monetary Authority of Bhutan (RMA) aims to achieve the Information Security vision
by implementing Information Security Management System (ISMS).
Information is an important business asset of significant value to the company and needs to
be protected from threats that could potentially disrupt Confidentiality, Integrity and its
Availability. Information and information processing resources of RMA shall be maintained
in a manner that ensures information access on a need to know and need to access basis as
well as protect it from unauthorized or improper use.
This is intended to be achieved by continually improving our performance, systems,
processes and information security.
Policy Objectives
The objective of this policy is to ensure that:
- Confidentiality of information is assured
- Integrity of information is maintained
- Availability of Information is assured by addressing proper Redundancies / Failovers and
Information Security requirements
- Threats analysis and risk evaluation will be carried out on a continual basis
- Regulatory, legislative and contractual requirements are met
- Information Security is integral with the processes and work-flows
- Information Security training is imparted to all the staff members
- Security Policy violations and security weaknesses or threats are timely reported and
investigated
- Policies, Procedures and other related documents will be developed, established,
maintained and reviewed.
Policies and Procedures are base on ISO/IEC 27001:2013 framework is implemented to
achieve the above objectives.
The Management and Information Secuirty Steering Committee (ISSC) is accountable for
ensuring that ISMS policies and procedures are implemented, maintained and adhered by the
employees.
All Department Heads including the Line Managers shall be directly responsible for
implementing the Policy within their respective processes, and for adherence by their team
members.
It shall be the responsibility of every staff to adhere to this Policy.