
Knowledge Highlights 9 May 2022
Knowledge Highlights 1 February 2021
On 18 January 2021, the Monetary Authority of Singapore (“MAS”) issued the revised Technology Risk Management Guidelines (“Guidelines”) to keep pace with emerging technologies and shifts in the cyber threat landscape.
The revised Guidelines focus on addressing technology and cyber risks amid the growing use of cloud technologies, application programming interfaces and rapid software development by financial institutions (“FIs”). The Guidelines reinforce the importance of incorporating security controls as part of FIs’ technology development and delivery lifecycle, as well as in the deployment of emerging technologies.
Roles and responsibilities of board of directors and senior management
The revised Guidelines provide additional guidance on the roles and responsibilities of the board of directors and senior management, including the following:
Enhanced risk mitigation strategies
The revised Guidelines set out the following enhanced risk mitigation strategies for FIs:
The Guidelines have also been revised to include additional guidance to manage risks arising from emerging technologies, including the following:
Oversight of arrangements with third-party service providers
In light of FIs’ growing reliance on third-party service providers, the revised Guidelines set out the expectation for FIs to exercise strong oversight of arrangements with third-party service providers. On an ongoing basis, FIs should ensure that third-party service providers employ a high standard of care and diligence in protecting data confidentiality and integrity as well as ensuring system resilience.
Background
The revised Guidelines incorporate feedback received from the public consultation conducted in 2019, MAS’ engagement with the industry, and MAS’ Cyber Security Advisory Panel. MAS issued its response to feedback received on the consultation paper on 18 January 2021.
Reference materials
The following materials are available on the MAS website www.mas.gov.sg:
Allen & Gledhill Regulatory & Compliance
To assist our clients with compliance matters, our consultancy arm, Allen & Gledhill Regulatory & Compliance, provides a range of services and solutions. Should you have any queries relating to compliance issues arising out of these developments, please contact:
Lawrence Low
+65 6890 7448
lawrence.low@allenandgledhill.com