MAS Issues Measures to Strengthen Cyber Resilience in Financial Sector
MAS has set out the measures that financial institutions must take to mitigate the growing risk of cyber threats. To this end, MAS issued a set of legally binding requirements to raise the cyber security standards and strengthen cyber resilience of the financial sector in Singapore. The measures will come into effect on August 06, 2020. MAS also published the frequently asked questions (FAQs) on these measures. These recently issued cyber hygiene measures are intended for financial holding companies (Notice 1119), all banks in Singapore pursuant to section 55(1) of the Banking Act (Notice 655), merchant banks (Notice 1118), financial advisers (Notice FAA-N21), capital market entities (Notice CMG-N03, insurance brokers (Notice 507), finance companies (Notice 834), and insurance agents (Notice 132).
These measures make compulsory the key elements in the existing MAS Technology Risk Management guidelines. The technology risk management guidelines are a set of best practices that provide financial institutions with guidance on the oversight of technology risk management, security practices, and controls to address technology risks. MAS expects financial institutions to observe the technology risk management guidelines, as this will be taken into account in MAS’ risk assessment of the financial institutions. As per the now-published measures on cyber hygiene, financial institutions must:
- Establish and implement robust security for IT systems
- Ensure updates are applied to address system security flaws in a timely manner
- Deploy security devices to restrict unauthorized network traffic
- Implement measures to mitigate the risk of malware infection
- Secure the use of system accounts with special privileges to prevent unauthorized access
- Strengthen user authentication for critical systems as well as systems used to access customer information
MAS, in September 2018, had sought feedback from the public on the proposal to make this suite of cyber security measures into legally binding requirements. Financial institutions generally welcomed these measures and provided some suggestions about implementation of the requirements. These suggestions include focusing on strengthening user access to systems that store or access customer data and allowing more time for financial institutions to design, acquire, and integrate robust user authentication technology into their critical systems.
Keywords: Asia Pacific, Singapore, Banking, Insurance, Securities, Cyber Resilience, Cyber Security, Cyber Risk, Technology Risk, MAS
Previous Article
EBA Reviews Usefulness of Single Rulebook Questions and AnswersRelated Articles
|
News
MAS Amends Notice 610 on Reporting Templates for Banks in SingaporeMAS published amendments to Notices 610 and 1003 related to submission of statistics and returns, along with the reporting templates and frequently asked questions (FAQs) associated with these Notices.
January 24, 2020
WebPage
Regulatory News
|
|
News
HKMA Updates Policy Module on Supervisory Review ProcessHKMA is issuing, by notice in the Gazette, revised versions of two Supervisory Policy Manual modules as statutory guidelines under section 7(3) of the Banking Ordinance. The Supervisory Policy Manual modules are CA-G-5 on “Supervisory Review Process” and SB-2 on “Leveraged Foreign Exchange Trading.”
January 24, 2020
WebPage
Regulatory News
|
|
News
PRA Amends Pillar 2 Capital Framework for BanksPRA published the policy statement PS2/20 that contains the final amendments to the Pillar 2 framework and provides feedback to responses to the consultation paper CP5/19 on updates related to Pillar 2 capital framework.
January 23, 2020
WebPage
Regulatory News
|
|
News
FED Proposes to Revise Information Collection Under Market Risk RuleFED proposed to revise and extend, for three years, FR 4201, which is the information collection under the market risk capital rule.
January 22, 2020
WebPage
Regulatory News
|
|
News
HKMA Consults on Stay Rules on Financial Contracts Under FIROHKMA published proposals for making rules related to contractual stays on termination rights in financial contracts for authorized institutions under FIRO or the Financial Institutions (Resolution) Ordinance (Cap. 628).
January 22, 2020
WebPage
Regulatory News
|
|
News
MAS Amends Notices on Minimum Liquid Asset Requirements for BanksMAS published amendments to Notices 1015, 613, and 649 related to the minimum liquid assets (MLA) requirements.
January 21, 2020
WebPage
Regulatory News
|
|
News
APRA Publishes Submission on Fintech and RegtechAPRA published its submission, to the Senate Select Committee, on financial technology and regulatory technology.
January 21, 2020
WebPage
Regulatory News
|
|
News
OSFI to Implement Operational Risk Capital Rules for Banks in Q1 2022OSFI decided to move domestic implementation of the revised Basel III operational risk capital requirements from the first quarter of 2021 to the first quarter of 2022.
January 20, 2020
WebPage
Regulatory News
|
|
News
ECB Consults on Guideline on Threshold for Credit Obligations Past DueECB published a draft guideline, along with the frequently asked questions (FAQs), on the definition of the materiality threshold for credit obligations past due for less significant institutions.
January 20, 2020
WebPage
Regulatory News
|
|
News
OSFI Consults on Instruction Guide for Termination of Pension PlanOSFI is consulting on draft revisions to the instruction guide for termination of a defined benefit pension plan.
January 20, 2020
WebPage
Regulatory News
|
