The Monetary Authority of Singapore (“MAS”) issued revised Technology Risk Management Guidelines (“Guidelines”) on 18 January 2021.
The MAS shared that the revised Guidelines focus on financial institutions (FIs) addressing technology and cyber risks amid the growing use of cloud technologies, application programming interfaces, and rapid software development. They reinforce the importance of incorporating security controls as part of FIs' technology development and delivery lifecycle and in the deployment of emerging technologies.
The MAS also highlighted the growing reliance of FIs on third-party service providers for technology solutions and development. MAS expects FIs to assess and manage their exposure to technology risks that may affect the confidentiality, integrity and availability of the IT systems and data before entering into a contractual agreement or partnership. FIs are expected to employ a high standard of care and diligence in protecting data confidentiality and integrity and in ensuring system resilience.
The revised Guidelines include feedback received by the MAS from the Consultation Paper on the proposed revisions to the MAS Technology Risk Management Guidelines on 7 March 2019. They set out the technology risk management principles and best practices for FIs to:
a. Establish Sound and Robust Technology Risk Governance and Oversight
b. Maintain Cyber Resilience
The purpose of the Guidelines is to promote the adoption of sound and robust practices for the management of technology risk. The extent and degree to which FIs implement the Guidelines should be commensurate with the level of risk and complexity of the financial services offered and the technology supporting such services.
Key Takeaways
a. Establish a sound and robust Technology Governance and Oversight
i. Role of the Board of Directors and Senior Management
ii. Policies, Standards and Procedures
iii. Management of Information Assets
iv. Management of Third Party Services
v. Competency and Background Review
vi. Security Awareness and Training
b. Technology Risk Management Framework
Risk Management Framework
* Risk Identification
* Risk Assessment
* Risk Treatment
* Risk Monitoring, Review and Reporting
c. Roles and responsibilities of Board and Senior Management
Assessment of vendors (Technology)
Factors to consider
d. Assessment of third parties’ suitability in connection to the FIs' Application Programming Interface (API)
Factors to consider
e. Cyber Threat Monitoring and Information Sharing
Factors to consider
f. Cyber Incident Response and Management
Factors to consider
g. Cyber Security Assessment
Factors to consider
h. Simulation of cyber attack tactics, techniques and procedures
i. IT Audit
Jayaprakash Jagateesan
Executive Director and CEO
prakash.j@rhtgoc.com
Tony Yeow
Compliance Manager
tony.yeow@rhtgoc.com
RHT Compliance Solutions
1 Paya Lebar Link #06-08
PLQ 2 Paya Lebar Quarter
Singapore 408533
cs@rhtgoc.com