Singapore tightens MAS technology risk management guidelines following cyber security attacks
The Monetary Authority of Singapore (MAS) technology risk management guidelines have been revised for financial institutions (FIs) in response to a wave of cyber security attacks across the sector.
Globally, cyber security attacks targeting FIs have been on the increase. So, it is no surprise that one of the most cyber-ready states in Asia has seen a rise in attacks.
Why have the MAS TRM guidelines been revised?
Regulated financial and insurance firms have seen an increased reliance on digital technologies in order to deal with the pandemic, improve operational efficiency and deliver better and more convenient customer services. However, this reliance has led to a more accessible platform for cyber criminals to target.
The new compliance procedures are also timely and crucial given nationwide digitalisation, increasingly sophisticated cyber criminals and the latest cyber-attacks on supply chains, in which established network management software fell victim.
How will the new MAS technology risk management guidelines affect financial institutions?
Financial institutions in Singapore must now adhere to further compliance measures when managing their IT infrastructure and vendors in order to mitigate cyber threats.
The new regulations are a way to protect data confidentiality and impose much-needed supervision of partnerships with third-party service providers.
The amended guidelines introduce MAS’s sharper expectations for financial institutions’ cyber risk management standards and practices. Some of the revised regulations are as follows:
Expanded responsibilities for the board of directors and senior management
The board of directors and senior management of financial institutions now have a considerably larger responsibility for managing technology risk and cyber security attacks.
Firms have been advised to appoint a Chief Information Officer and a Chief Information Security Officer with the right expertise to oversee and manage the FI’s technology and cyber risks.
The board of directors must approve the risk appetite and risk tolerance statement and ensure crucial IT decisions are made in agreement with the FI’s risk appetite.
Risk management for new technologies
The guidelines now include more stringent requirements for advanced technologies, such as third-party access to APIs (application programming interfaces), virtualisation of machines and Internet of Things devices.
Before allowing any third parties to access APIs, financial institutions must implement an array of security measures, such as establishing security standards for designing and developing secure APIs and performing robust security screening.
Cyber security operations
Financial institutions must now provide specific information on how they are mitigating cyber security risks. Firms must take a proactive approach to digitally defending their data.
The guidelines recommend that corporations should obtain cyber intelligence monitoring services and establish a cyber incident response and management plan to isolate current cyber threats and mitigate any future ones.
Firms should review and update their existing processes, evaluating the types of technologies they implement and assessing whether more stringent security measures are needed, whilst reporting and sharing any findings within the financial ecosystem.
The MAS said in a statement that the new amendments are expected to help businesses keep pace with ever-advancing technologies as well as changes in the existing cybersecurity threat landscape. MAS expects all financial institutions to take steps to guarantee that their business operations comply with the 2021 Guidelines.
To comply with the new MAS technology risk management guidelines, your company may need to implement a systematic and evidential approach to accountability and competency, which can be a daunting process. Pentana Compliance gives your business all the tools you need to facilitate effective regulatory compliance, allowing firms to streamline business processes and providing regulators and stakeholders with complete assurance that every aspect of people and process regulation is addressed.