Navigating Human and Agentic Risks for Financial Institutions in the APJ Region

Dr. Kawin Boonyapredee | May 12, 2026

Introduction

The Asia-Pacific and Japan (APJ) region, with its dynamic economic growth and technological advancements, presents unique challenges and opportunities for human risk management and agentic risk management, particularly within the financial services sector. As financial institutions strive to protect themselves from increasing cyber threats, they must align their security practices with the regulations set forth by central banks across the region.

Human and Agentic Risk Management in Financial Services

While human risk management involves strategies to mitigate risks posed by human actions, such as phishing attacks and social engineering, agentic risk management focuses on risks associated with automated processes and artificial intelligence. Both are critical in the financial services industry, where the integrity of transaction data and customer information is paramount.

Security Awareness and AI Agent Risk Management

Security awareness training is essential for employees to recognize and respond to potential threats. AI agent risk management involves deploying technology that can predict, identify and mitigate risks autonomously. Together, they provide a comprehensive defense strategy for financial institutions.

Regulatory Landscape in the ASEAN Region

Regulations in the region are crafted to protect financial markets and consumers while promoting transparency and accountability. Below is a table of key financial services regulations from the central banks of major APJ countries, along with insights on how banks and financial institutions can align their requirements with KnowBe4's approach.

| Country | Central Bank | Key Regulations | Alignment with KnowBe4 |
| --- | --- | --- | --- |
| Australia | Australian Prudential Regulation Authority (APRA) | Prudential Standard CPS 234 Information Security: Requires entities to maintain information security capabilities commensurate with the size and extent of threats. | Fulfills mandate of training staff to recognize social engineering, provide Phish Alert Button (PAB) to ensure robust mechanisms to detect and respond to incidents, and provide phishing simulations. |
| India | Reserve Bank of India (RBI) | RBI Cybersecurity Framework for Banks: Outlines baseline controls with a dedicated section on awareness and training. | Provides attack simulations and training, tailored training content for executive leadership and PAB for incident reporting. |
| Indonesia | Bank Indonesia | Cyber Security Framework: Aims to bolster financial institutions' cybersecurity posture. | KnowBe4 supports compliance by equipping employees with the skills to identify and counter cyber threats. |
| Japan | Bank of Japan (BOJ) & Financial Services Agency (FSA) | Guidelines on Cybersecurity for the Financial Sector: Emphasizes the reduction of risk through detection and recovery. Cybersecurity Self-Assessment (CSSA) is used to benchmark security management and focus on risk-based approaches. | KnowBe4 Security Awareness Training addresses key CSSA requirements by improving employee resilience against phishing and social engineering. |
| Malaysia | Bank Negara Malaysia | Risk Management in Technology (RMiT): Provides a detailed framework for managing technology-related risks. | The KnowBe4 Platform ensures compliance with RMiT through continuous education and awareness programs. |
| New Zealand | Reserve Bank of New Zealand (RBNZ) | BS11 Outsourcing Policy and Guidance on Cyber Resilience: Requires banks to have governance and risk management processes for critical functions. | Ensures staff are trained to handle sensitive information safely, while PhishER Plus can be used to monitor and triage threats reported by staff. |
| Philippines | Bangko Sentral ng Pilipinas (BSP) | Enhanced Information Security Program: Strengthens information security across financial institutions. | The KnowBe4 Platform aligns with BSP's requirements by fostering an informed and vigilant workforce. |
| Singapore | Monetary Authority of Singapore (MAS) | Technology Risk Management Guidelines: Emphasizes the need for robust technology risk management frameworks. | Offers training that helps employees understand and manage technology risks effectively. |
| Thailand | Bank of Thailand | Cyber Resilience Assessment Framework: Focuses on enhancing cyber resilience. | KnowBe4 helps build a culture of resilience through engaging security awareness training. |
| Vietnam | State Bank of Vietnam | Circular on Information Security: Guides banks on maintaining robust information security measures. | KnowBe4 aids in meeting these standards with targeted attack simulation and training. |

Forging a Resilient Future: Human-AI Collaboration in a Fragmented Regulatory Landscape

Financial services institutions in the APJ region must navigate a complex regulatory environment while addressing both human and agentic risks. By leveraging the KnowBe4 Platform, these institutions can align with regional regulations and enhance their overall risk management strategies. This proactive approach not only safeguards sensitive data but also strengthens the trust of customers and stakeholders.

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.