MAS has set out the measures that financial institutions must take to mitigate the growing risk of cyber threats. To this end, MAS issued a set of legally binding requirements to raise the cyber security standards and strengthen cyber resilience of the financial sector in Singapore. The measures will come into effect on August 06, 2020. MAS also published the frequently asked questions (FAQs) on these measures. These recently issued cyber hygiene measures are intended for financial holding companies (Notice 1119), all banks in Singapore pursuant to section 55(1) of the Banking Act (Notice 655), merchant banks (Notice 1118), financial advisers (Notice FAA-N21), capital market entities (Notice CMG-N03, insurance brokers (Notice 507), finance companies (Notice 834), and insurance agents (Notice 132).
These measures make compulsory the key elements in the existing MAS Technology Risk Management guidelines. The technology risk management guidelines are a set of best practices that provide financial institutions with guidance on the oversight of technology risk management, security practices, and controls to address technology risks. MAS expects financial institutions to observe the technology risk management guidelines, as this will be taken into account in MAS’ risk assessment of the financial institutions. As per the now-published measures on cyber hygiene, financial institutions must:
- Establish and implement robust security for IT systems
- Ensure updates are applied to address system security flaws in a timely manner
- Deploy security devices to restrict unauthorized network traffic
- Implement measures to mitigate the risk of malware infection
- Secure the use of system accounts with special privileges to prevent unauthorized access
- Strengthen user authentication for critical systems as well as systems used to access customer information
MAS, in September 2018, had sought feedback from the public on the proposal to make this suite of cyber security measures into legally binding requirements. Financial institutions generally welcomed these measures and provided some suggestions about implementation of the requirements. These suggestions include focusing on strengthening user access to systems that store or access customer data and allowing more time for financial institutions to design, acquire, and integrate robust user authentication technology into their critical systems.
Keywords: Asia Pacific, Singapore, Banking, Insurance, Securities, Cyber Resilience, Cyber Security, Cyber Risk, Technology Risk, MAS
Next ArticleEC Launches the Blockchain Association INATBA
OSFI has set out the near-term priorities for federally regulated financial institutions and federally regulated private pension plans for the coming months until March 31, 2022.
Under the Italian G20 Presidency, BIS Innovation Hub and the Italian central bank BDI launched the second edition of the G20 TechSprint on the lookout for innovative solutions to resolve operational problems in green and sustainable finance.
EBA proposed the regulatory technical standards on a central database on anti-money laundering and countering the financing of terrorism (AML/CFT) in EU.
ECB published its response to the targeted EC consultation on the review of the bank crisis management and deposit insurance framework in EU.
ACPR published Version 1.0.0 of the RUBA taxonomy, which will come into force from the decree of January 31, 2022.
BCBS, CPMI, and IOSCO (the Committees) are inviting entities that participate in market infrastructures and securities markets through an intermediary as well as non-bank intermediaries to complete voluntary surveys on the use of margin calls.
ECB published Decision 2021/752 to amend Decision 2019/1311 on the third series of targeted longer-term refinancing operations or TLTRO III.
The Central Bank of Ireland published Version 2.7 of the draft credit data template and rules for monthly AnaCredit reporting by banks.
OSFI proposed revisions to the Basel Capital Adequacy Reporting (BCAR) and leverage requirements returns for the 2023 reporting, with the comment period ending on July 09, 2021.
EBA published a discussion paper on review of the standardized nonperforming loans (NPL) transaction data templates, along with the proposed revised NPL data templates.