Regulatory alignment

RMiT alignment

How the Sentient Spire portfolio supports Bank Negara Malaysia's Risk Management in Technology (RMiT) Standards — mapped to the exact enforceable clauses your risk team checks.

Bank Negara Malaysia's Risk Management in Technology (RMiT) policy (BNM/RH/PD 028-98, effective 28 November 2025) applies to licensed banks, insurers and takaful operators, prescribed development financial institutions, approved e-money issuers, designated payment-system operators and other regulated institutions.

RMiT marks each requirement as a Standard (S) — mandatory and enforceable — or Guidance (G). The mapping below references only the enforceable Standards, cited verbatim. Sentient Spire supplies the capabilities and evidence that support these Standards; accountability for compliance remains with the financial institution.

Where Sentient Spire maps to RMiT

S 11.9

Security operations & continuous monitoring

The Standard

Continuous, proactive monitoring and timely anomaly detection, including operating a Security Operations Centre (SOC) and conducting vulnerability assessment and penetration testing.

How Sentient Spire supports it

Argus + QCS — an AI-driven SOC that runs continuous monitoring and detection, deployable on sovereign, in-country infrastructure.

S 11.10S 11.19

Cyber threat intelligence

The Standard

Collect, analyse and act on cyber threat intelligence — including data-breach and online-exposure detection — and share threat intelligence with the industry.

How Sentient Spire supports it

Orion Dark Web — continuous dark-web and breach monitoring, delivering source-tagged intelligence you can act on and share.

S 11.11S 11.13S 11.18

Detection, response & recovery

The Standard

Investigate and respond to flagged activity, maintain a comprehensive Cyber Incident Response Plan, and notify Bank Negara Malaysia of cyber incidents.

How Sentient Spire supports it

Seraph + AIADRE — autonomous detection-and-response workflows and incident evidence that support your CIRP and regulatory notifications.

S 11.6S 11.9

Adversarial testing (Red Team & VAPT)

The Standard

Conduct a realistic Red Team simulation at least once every three years, and regular vulnerability assessment and penetration testing.

How Sentient Spire supports it

Orion — AI-assisted penetration testing and adversarial exposure validation that produce defensible, standards-mapped findings.

S 10.47S 10.49S 10.50

Third-party & cloud risk

The Standard

Due diligence and continuous, real-time monitoring of third-party providers' cyber posture, and a comprehensive cloud risk assessment.

How Sentient Spire supports it

Orion Dark Web third-party monitoring with sovereign deployment — monitor your supply chain while data and controls stay in-country.

S 11.5Appendix 5

Data loss prevention

The Standard

Adopt the control measures in Appendix 5, which require Data Loss Prevention to be enforced across data in-use, in-motion and at-rest.

How Sentient Spire supports it

QCS + Mobile Defense — DLP-aligned controls across endpoints and mobile devices.

S 10.53S 10.54S 10.55S 10.57

Access control & strong authentication

The Standard

Deny-by-default, least-privilege access with social-engineering-resistant multi-factor authentication and monitored, logged access to critical systems.

How Sentient Spire supports it

Mobile Defense + bank SDK — device attestation, crypto-bound biometrics and hardware-backed multi-factor authentication.

S 10.20S 10.22

Cryptography

The Standard

Industry-standard cryptography with protected key storage (HSM/TEE) and a managed key lifecycle.

How Sentient Spire supports it

Sentient Spire SDK — hardware-backed keys (StrongBox / Secure Enclave) and signed, key-managed distribution.

S 10.17S 10.18S 10.45

Cyber resilience & recovery

The Standard

No systems running known-vulnerable or end-of-life technology, and tamper-proof backup with isolated recovery from destructive attacks such as ransomware.

How Sentient Spire supports it

Argus — continuous exposure and obsolescence monitoring with resilience validation.

Start here

See your exposure before an attacker does

Request a complimentary dark-web exposure snapshot for your institution — leaked credentials, exposed assets and brand abuse surfaced from Orion Dark Web, mapped to the RMiT threat-intelligence Standards (S 11.10, S 11.19). No installation; results reviewed with your team.

Request an exposure snapshot

Bring RMiT-aligned defence in-country

Request a briefing

This page is provided for information only and is not legal or regulatory advice. Clause references are to RMiT (BNM/RH/PD 028-98) and are current as at the effective date shown; the financial institution remains responsible for its own compliance assessment.