Featured Product

    MAS Issues Measures to Strengthen Cyber Resilience in Financial Sector

    August 06, 2019

    MAS has set out the measures that financial institutions must take to mitigate the growing risk of cyber threats. To this end, MAS issued a set of legally binding requirements to raise the cyber security standards and strengthen cyber resilience of the financial sector in Singapore. The measures will come into effect on August 06, 2020. MAS also published the frequently asked questions (FAQs) on these measures. These recently issued cyber hygiene measures are intended for financial holding companies (Notice 1119), all banks in Singapore pursuant to section 55(1) of the Banking Act (Notice 655), merchant banks (Notice 1118), financial advisers (Notice FAA-N21), capital market entities (Notice CMG-N03, insurance brokers (Notice 507), finance companies (Notice 834), and insurance agents (Notice 132).

    These measures make compulsory the key elements in the existing MAS Technology Risk Management guidelines. The technology risk management guidelines are a set of best practices that provide financial institutions with guidance on the oversight of technology risk management, security practices, and controls to address technology risks. MAS expects financial institutions to observe the technology risk management guidelines, as this will be taken into account in MAS’ risk assessment of the financial institutions. As per the now-published measures on cyber hygiene, financial institutions must:

    • Establish and implement robust security for IT systems
    • Ensure updates are applied to address system security flaws in a timely manner
    • Deploy security devices to restrict unauthorized network traffic
    • Implement measures to mitigate the risk of malware infection
    • Secure the use of system accounts with special privileges to prevent unauthorized access
    • Strengthen user authentication for critical systems as well as systems used to access customer information

    MAS, in September 2018, had sought feedback from the public on the proposal to make this suite of cyber security measures into legally binding requirements. Financial institutions generally welcomed these measures and provided some suggestions about implementation of the requirements. These suggestions include focusing on strengthening user access to systems that store or access customer data and allowing more time for financial institutions to design, acquire, and integrate robust user authentication technology into their critical systems.

     

    Keywords: Asia Pacific, Singapore, Banking, Insurance, Securities, Cyber Resilience, Cyber Security, Cyber Risk, Technology Risk, MAS

    Related Articles
    News

    EBA Updates List of Validation Rules for Reporting by Banks

    EBA issued a revised list of validation rules with respect to the implementing technical standards on supervisory reporting.

    September 10, 2020 WebPage Regulatory News
    News

    EBA Responds to EC Call for Advice to Strengthen AML/CFT Framework

    EBA published its response to the call for advice of EC on ways to strengthen the EU legal framework on anti-money laundering and countering the financing of terrorism (AML/CFT).

    September 10, 2020 WebPage Regulatory News
    News

    NGFS Advocates Environmental Risk Analysis for Financial Sector

    NGFS published a paper on the overview of environmental risk analysis by financial institutions and an occasional paper on the case studies on environmental risk analysis methodologies.

    September 10, 2020 WebPage Regulatory News
    News

    MAS Issues Guidelines to Promote Senior Management Accountability

    MAS published the guidelines on individual accountability and conduct at financial institutions.

    September 10, 2020 WebPage Regulatory News
    News

    APRA Formalizes Capital Treatment and Reporting of COVID-19 Loans

    APRA published final versions of the prudential standard APS 220 on credit quality and the reporting standard ARS 923.2 on repayment deferrals.

    September 09, 2020 WebPage Regulatory News
    News

    SRB Chair Discusses Path to Harmonized Liquidation Regime for Banks

    SRB published two articles, with one article discussing the framework in place to safeguard financial stability amid crisis and the other article outlining the path to a harmonized and predictable liquidation regime.

    September 09, 2020 WebPage Regulatory News
    News

    FSB Workshop Discusses Preliminary Findings of Too-Big-To-Fail Reforms

    FSB hosted a virtual workshop as part of the consultation process for its evaluation of the too-big-to-fail reforms.

    September 09, 2020 WebPage Regulatory News
    News

    ECB Updates List of Supervised Entities in EU in September 2020

    ECB updated the list of supervised entities in EU, with the number of significant supervised entities being 115.

    September 08, 2020 WebPage Regulatory News
    News

    OSFI Identifies Focus Areas to Strengthen Third-Party Risk Management

    OSFI published the key findings of a study on third-party risk management.

    September 08, 2020 WebPage Regulatory News
    News

    FSB Extends Implementation Timeline for Framework on SFTs

    FSB is extending the implementation timeline, by one year, for the minimum haircut standards for non-centrally cleared securities financing transactions or SFTs.

    September 07, 2020 WebPage Regulatory News
    RESULTS 1 - 10 OF 5796