Featured Product

    MAS Issues Measures to Strengthen Cyber Resilience in Financial Sector

    August 06, 2019

    MAS has set out the measures that financial institutions must take to mitigate the growing risk of cyber threats. To this end, MAS issued a set of legally binding requirements to raise the cyber security standards and strengthen cyber resilience of the financial sector in Singapore. The measures will come into effect on August 06, 2020. MAS also published the frequently asked questions (FAQs) on these measures. These recently issued cyber hygiene measures are intended for financial holding companies (Notice 1119), all banks in Singapore pursuant to section 55(1) of the Banking Act (Notice 655), merchant banks (Notice 1118), financial advisers (Notice FAA-N21), capital market entities (Notice CMG-N03, insurance brokers (Notice 507), finance companies (Notice 834), and insurance agents (Notice 132).

    These measures make compulsory the key elements in the existing MAS Technology Risk Management guidelines. The technology risk management guidelines are a set of best practices that provide financial institutions with guidance on the oversight of technology risk management, security practices, and controls to address technology risks. MAS expects financial institutions to observe the technology risk management guidelines, as this will be taken into account in MAS’ risk assessment of the financial institutions. As per the now-published measures on cyber hygiene, financial institutions must:

    • Establish and implement robust security for IT systems
    • Ensure updates are applied to address system security flaws in a timely manner
    • Deploy security devices to restrict unauthorized network traffic
    • Implement measures to mitigate the risk of malware infection
    • Secure the use of system accounts with special privileges to prevent unauthorized access
    • Strengthen user authentication for critical systems as well as systems used to access customer information

    MAS, in September 2018, had sought feedback from the public on the proposal to make this suite of cyber security measures into legally binding requirements. Financial institutions generally welcomed these measures and provided some suggestions about implementation of the requirements. These suggestions include focusing on strengthening user access to systems that store or access customer data and allowing more time for financial institutions to design, acquire, and integrate robust user authentication technology into their critical systems.

     

    Keywords: Asia Pacific, Singapore, Banking, Insurance, Securities, Cyber Resilience, Cyber Security, Cyber Risk, Technology Risk, MAS

    Related Articles
    News

    FASB Proposes Taxonomy Changes Related to Topics 848 and 470

    FASB proposed taxonomy improvements for the proposed Accounting Standards Update on topic 848 on facilitation of effects of reference rate reform on financial reporting.

    September 16, 2019 WebPage Regulatory News
    News

    BoE Statement on Recalculating Transitional Measures Under Solvency II

    BoE notified that it will be willing to accept applications from firms to recalculate transitional measure on technical provisions (TMTP) as at September 30, 2019.

    September 16, 2019 WebPage Regulatory News
    News

    BoE Paper on Market-Implied Systemic Risk and Shadow Capital Adequacy

    BoE published a working paper that presents a forward-looking approach to measure systemic solvency risk.

    September 13, 2019 WebPage Regulatory News
    News

    HKMA Consults on Policy Module on Pillar 2 Supervisory Review Process

    HKMA is consulting on the revised Supervisory Policy Manual module CA-G-5 that sets out the HKMA approach to conducting the supervisory review process under Pillar 2.

    September 13, 2019 WebPage Regulatory News
    News

    PRA Publishes Waiver by Consent of Continuity of Access Rules

    PRA published a new waiver by consent to waive the Continuity of Access requirements contained in the Depositor Protection Part of the PRA Rulebook (DPP).

    September 13, 2019 WebPage Regulatory News
    News

    EBA Single Rulebook Q&A: Second Update for September 2019

    EBA updated the Single Rulebook question and answer (Q&A) tool with answers to three questions.

    September 13, 2019 WebPage Regulatory News
    News

    PRA Revises Branch Return and Updates Guidance for Regulatory Reports

    PRA published the policy statement PS17/19, which contains the final policy related to changes in the format and content of the Branch Return Form and reporting guidance.

    September 12, 2019 WebPage Regulatory News
    News

    ISDA Guide on Collateral Management Under Smart Derivatives Contracts

    ISDA published the third in a series of legal guidelines for smart derivatives contracts.

    September 12, 2019 WebPage Regulatory News
    News

    ESA Report Highlights Risks of No-Deal Brexit in EU Financial System

    ESAs published a Joint Committee report on risks and vulnerabilities in the EU financial system.

    September 12, 2019 WebPage Regulatory News
    News

    ECB Modifies New Targeted Longer-Term Refinancing Operations

    The Governing Council of ECB decided to modify some of the key parameters of the third series of targeted longer-term refinancing operations (TLTRO III) to preserve favorable bank lending conditions (Decision (EU) 2019/1558).

    September 12, 2019 WebPage Regulatory News
    RESULTS 1 - 10 OF 3819