Featured Product

    MAS Issues Measures to Strengthen Cyber Resilience in Financial Sector

    August 06, 2019

    MAS has set out the measures that financial institutions must take to mitigate the growing risk of cyber threats. To this end, MAS issued a set of legally binding requirements to raise the cyber security standards and strengthen cyber resilience of the financial sector in Singapore. The measures will come into effect on August 06, 2020. MAS also published the frequently asked questions (FAQs) on these measures. These recently issued cyber hygiene measures are intended for financial holding companies (Notice 1119), all banks in Singapore pursuant to section 55(1) of the Banking Act (Notice 655), merchant banks (Notice 1118), financial advisers (Notice FAA-N21), capital market entities (Notice CMG-N03, insurance brokers (Notice 507), finance companies (Notice 834), and insurance agents (Notice 132).

    These measures make compulsory the key elements in the existing MAS Technology Risk Management guidelines. The technology risk management guidelines are a set of best practices that provide financial institutions with guidance on the oversight of technology risk management, security practices, and controls to address technology risks. MAS expects financial institutions to observe the technology risk management guidelines, as this will be taken into account in MAS’ risk assessment of the financial institutions. As per the now-published measures on cyber hygiene, financial institutions must:

    • Establish and implement robust security for IT systems
    • Ensure updates are applied to address system security flaws in a timely manner
    • Deploy security devices to restrict unauthorized network traffic
    • Implement measures to mitigate the risk of malware infection
    • Secure the use of system accounts with special privileges to prevent unauthorized access
    • Strengthen user authentication for critical systems as well as systems used to access customer information

    MAS, in September 2018, had sought feedback from the public on the proposal to make this suite of cyber security measures into legally binding requirements. Financial institutions generally welcomed these measures and provided some suggestions about implementation of the requirements. These suggestions include focusing on strengthening user access to systems that store or access customer data and allowing more time for financial institutions to design, acquire, and integrate robust user authentication technology into their critical systems.


    Keywords: Asia Pacific, Singapore, Banking, Insurance, Securities, Cyber Resilience, Cyber Security, Cyber Risk, Technology Risk, MAS

    Related Articles

    PRA Amends Pillar 2 Capital Framework for Banks

    PRA published the policy statement PS2/20 that contains the final amendments to the Pillar 2 framework and provides feedback to responses to the consultation paper CP5/19 on updates related to Pillar 2 capital framework.

    January 23, 2020 WebPage Regulatory News

    FED Proposes to Revise Information Collection Under Market Risk Rule

    FED proposed to revise and extend, for three years, FR 4201, which is the information collection under the market risk capital rule.

    January 22, 2020 WebPage Regulatory News

    MAS Amends Notices on Minimum Liquid Asset Requirements for Banks

    MAS published amendments to Notices 1015, 613, and 649 related to the minimum liquid assets (MLA) requirements.

    January 21, 2020 WebPage Regulatory News

    APRA Publishes Submission on Fintech and Regtech

    APRA published its submission, to the Senate Select Committee, on financial technology and regulatory technology.

    January 21, 2020 WebPage Regulatory News

    ECB Consults on Guideline on Threshold for Credit Obligations Past Due

    ECB published a draft guideline, along with the frequently asked questions (FAQs), on the definition of the materiality threshold for credit obligations past due for less significant institutions.

    January 20, 2020 WebPage Regulatory News

    BIS Discusses Role of Central Banks in Addressing Climate Change Risks

    BIS published a book that reviews ways of addressing the climate change risks within the financial stability mandate of central banks.

    January 19, 2020 WebPage Regulatory News

    FSB Report Examines Global Nonbank Financial Intermediation Activity

    FSB published the ninth annual report examining the global non-bank financial intermediation activity.

    January 19, 2020 WebPage Regulatory News

    OSFI Publishes Instruction Guide on Solvency Information Return

    OSFI published an instruction guide to assist administrators of pension plans in completing the Solvency Information Return that is required to be filed with OSFI.

    January 17, 2020 WebPage Regulatory News

    EU Amends IFRS 9 Rule, Changes Concern Interest Rate Benchmark Reforms

    EU published Regulation 2020/34 regarding the International Accounting Standard (IAS) 39 and International Financial Reporting Standards (IFRS) 7 and 9.

    January 16, 2020 WebPage Regulatory News

    FDIC and OCC Issue Statement on Heightened Cyber Security Risk

    In response to the heightened cyber-security risk facing the financial services industry and other critical business sectors, FDIC and OCC issued an interagency statement on heightened cyber-security risk.

    January 16, 2020 WebPage Regulatory News
    RESULTS 1 - 10 OF 4515