Mas Compliances In Singapore

MAS Revises Guidelines on Risk Management: The Technology Risk

What are the MAS Technology Risk Management Guidelines in Singapore?

The Monetary Authority of Singapore (MAS) is the financial regulator in Singapore and also the country’s central bank.

MAS issued the Technology Risk Management (TRM) Guidelines on 21 June 2013, and they came into effect on 1 July 2014. Notices issued on TRM are tied to the Monetary Authority of Singapore Act, apply to all Financial Institutions (FIs) in Singapore, and cover all available IT systems.

The TRM Guidelines (TRMG) are issued to help FIs build sound technology risk management frameworks, strengthen IT system security, and safeguard the sensitive data and transactions of all clients. They are regarded as among the most comprehensive, elaborate and robust guidelines in the world.

Although compliance with the TRMG is not mandatory, the notices and codes issued by MAS from time to time under relevant legislation and subsidiary legislation are legally binding, and any non-compliance with a notice or code may result in financial penalties, damage to public relations and even revocation of the licence to do business in Singapore.

What is the Main Focus of MAS TRMG?

The main focus of the Monetary Authority of Singapore (MAS) guidelines on technology risk management is encryption of confidential data and access control.

MAS guidelines specify encryption of sensitive and confidential information before transporting and storing it on IT systems, servers, and databases.

Granting access rights and privileges must be based on job responsibility and no one should have any intrinsic right to access confidential data based on rank or position.

Financial institutions should maintain audit logging of system activities performed by privileged users and, at the same time, disallow privileged users from accessing system logs if they are found accessing confidential data during such audits.

Why has MAS revised TRMG?

In recent times, all regulated financial and insurance firms have relied increasingly on digital technologies, especially after the virus outbreak, to enhance operational effectiveness and offer more convenient customer services. This reliance, however, has resulted in more security vulnerabilities to cyber-attacks because of a more accessible platform.

Secondly, there might not be a more opportune time for new compliance procedures in the light of nationwide digitalisation, a rise in intelligent cybercriminals and increased cyber-attacks on established supply chain networks lately.

What are the Most Important Requirements Addressed?

On 18 January 2021, MAS published the revised TRMG, an updated version of the 2013 guidelines. Two new sections, cyber security assessment and cyber-surveillance and security operations, have been introduced.

Five sections have undergone significant changes, and three new annexes have been added, focusing on application security testing and device security, including BYOD and mobile application security.

The new and enhanced TRMG requirements emphasize the following.

How would the Revised TRMG affect the FIs in Singapore?

The revised MAS regulation on technology risk management requires FIs to address the following

The Takeaway

The revised guidelines strengthened the risk management principles and best practices to guide financial institutions to establish more sound and robust technology risk governance and oversight and maintain IT and cyber resilience.

While implementing the newly revised guidelines may seem challenging, automating the process can help save time and effort while achieving greater security and meeting MAS compliance requirements in Singapore.