MAS Issues Measures to Strengthen Cyber Resilience in Financial Sector
MAS has set out the measures that financial institutions must take to mitigate the growing risk of cyber threats. To this end, MAS issued a set of legally binding requirements to raise the cyber security standards and strengthen cyber resilience of the financial sector in Singapore. The measures will come into effect on August 06, 2020. MAS also published the frequently asked questions (FAQs) on these measures. These recently issued cyber hygiene measures are intended for financial holding companies (Notice 1119), all banks in Singapore pursuant to section 55(1) of the Banking Act (Notice 655), merchant banks (Notice 1118), financial advisers (Notice FAA-N21), capital market entities (Notice CMG-N03, insurance brokers (Notice 507), finance companies (Notice 834), and insurance agents (Notice 132).
These measures make compulsory the key elements in the existing MAS Technology Risk Management guidelines. The technology risk management guidelines are a set of best practices that provide financial institutions with guidance on the oversight of technology risk management, security practices, and controls to address technology risks. MAS expects financial institutions to observe the technology risk management guidelines, as this will be taken into account in MAS’ risk assessment of the financial institutions. As per the now-published measures on cyber hygiene, financial institutions must:
- Establish and implement robust security for IT systems
- Ensure updates are applied to address system security flaws in a timely manner
- Deploy security devices to restrict unauthorized network traffic
- Implement measures to mitigate the risk of malware infection
- Secure the use of system accounts with special privileges to prevent unauthorized access
- Strengthen user authentication for critical systems as well as systems used to access customer information
MAS, in September 2018, had sought feedback from the public on the proposal to make this suite of cyber security measures into legally binding requirements. Financial institutions generally welcomed these measures and provided some suggestions about implementation of the requirements. These suggestions include focusing on strengthening user access to systems that store or access customer data and allowing more time for financial institutions to design, acquire, and integrate robust user authentication technology into their critical systems.
Keywords: Asia Pacific, Singapore, Banking, Insurance, Securities, Cyber Resilience, Cyber Security, Cyber Risk, Technology Risk, MAS
Previous Article
EBA Reviews Usefulness of Single Rulebook Questions and AnswersRelated Articles
|
News
FASB Proposes Taxonomy Changes Related to Topics 848 and 470FASB proposed taxonomy improvements for the proposed Accounting Standards Update on topic 848 on facilitation of effects of reference rate reform on financial reporting.
September 16, 2019
WebPage
Regulatory News
|
|
News
BoE Statement on Recalculating Transitional Measures Under Solvency IIBoE notified that it will be willing to accept applications from firms to recalculate transitional measure on technical provisions (TMTP) as at September 30, 2019.
September 16, 2019
WebPage
Regulatory News
|
|
News
BoE Paper on Market-Implied Systemic Risk and Shadow Capital AdequacyBoE published a working paper that presents a forward-looking approach to measure systemic solvency risk.
September 13, 2019
WebPage
Regulatory News
|
|
News
HKMA Consults on Policy Module on Pillar 2 Supervisory Review ProcessHKMA is consulting on the revised Supervisory Policy Manual module CA-G-5 that sets out the HKMA approach to conducting the supervisory review process under Pillar 2.
September 13, 2019
WebPage
Regulatory News
|
|
News
PRA Publishes Waiver by Consent of Continuity of Access RulesPRA published a new waiver by consent to waive the Continuity of Access requirements contained in the Depositor Protection Part of the PRA Rulebook (DPP).
September 13, 2019
WebPage
Regulatory News
|
|
News
EBA Single Rulebook Q&A: Second Update for September 2019EBA updated the Single Rulebook question and answer (Q&A) tool with answers to three questions.
September 13, 2019
WebPage
Regulatory News
|
|
News
PRA Revises Branch Return and Updates Guidance for Regulatory ReportsPRA published the policy statement PS17/19, which contains the final policy related to changes in the format and content of the Branch Return Form and reporting guidance.
September 12, 2019
WebPage
Regulatory News
|
|
News
ISDA Guide on Collateral Management Under Smart Derivatives ContractsISDA published the third in a series of legal guidelines for smart derivatives contracts.
September 12, 2019
WebPage
Regulatory News
|
|
News
ESA Report Highlights Risks of No-Deal Brexit in EU Financial SystemESAs published a Joint Committee report on risks and vulnerabilities in the EU financial system.
September 12, 2019
WebPage
Regulatory News
|
|
News
ECB Modifies New Targeted Longer-Term Refinancing OperationsThe Governing Council of ECB decided to modify some of the key parameters of the third series of targeted longer-term refinancing operations (TLTRO III) to preserve favorable bank lending conditions (Decision (EU) 2019/1558).
September 12, 2019
WebPage
Regulatory News
|
