Rules for cloud outsourcing
2. Are there any rules that apply to cloud use by financial institutions (e.g., rules regarding outsourcing or the use of cloud services)?

Yes. The Risk Management in Technology Guidelines issued by Bank Negara Malaysia ("BNM") provide the following:

  1. A financial institution must conduct a comprehensive risk assessment prior to cloud adoption. The risk assessment must consider the inherent architecture of cloud services, which relies on the sharing of resources and services across multiple tenants over the internet. The risk assessment must be documented and made available for BNM's review as and when requested.
  2. A financial institution must notify BNM of its intention to use cloud services for noncritical systems.
  3. A financial institution is required to consult BNM prior to using public cloud for critical systems.
  4. A financial institution must implement appropriate safeguards on customer and counterparty information and proprietary data when using cloud services to protect against unauthorized disclosure and access.

Where the use of cloud services constitutes outsourcing, the financial institution must conduct appropriate due diligence of a service provider when considering all new arrangements, and when renewing or renegotiating existing arrangements.

Further, where the financial institution is a holder of a capital markets and services license ("CMSL Holder"), the Licensing Handbook issued by the Securities Commission Malaysia provides that a CMSL Holder is not allowed to outsource any back office function that involves (i) the financial institution's decision-making functions or (ii) any interaction or direct contact with the financial institution's clients. Therefore, where the provision of cloud outsourcing services does not involve (i) or (ii), it will be permissible for the financial institution to outsource using those cloud services.