Featured Product

    MAS Issues Measures to Strengthen Cyber Resilience in Financial Sector

    August 06, 2019

    MAS has set out the measures that financial institutions must take to mitigate the growing risk of cyber threats. To this end, MAS issued a set of legally binding requirements to raise the cyber security standards and strengthen cyber resilience of the financial sector in Singapore. The measures will come into effect on August 06, 2020. MAS also published the frequently asked questions (FAQs) on these measures. These recently issued cyber hygiene measures are intended for financial holding companies (Notice 1119), all banks in Singapore pursuant to section 55(1) of the Banking Act (Notice 655), merchant banks (Notice 1118), financial advisers (Notice FAA-N21), capital market entities (Notice CMG-N03, insurance brokers (Notice 507), finance companies (Notice 834), and insurance agents (Notice 132).

    These measures make compulsory the key elements in the existing MAS Technology Risk Management guidelines. The technology risk management guidelines are a set of best practices that provide financial institutions with guidance on the oversight of technology risk management, security practices, and controls to address technology risks. MAS expects financial institutions to observe the technology risk management guidelines, as this will be taken into account in MAS’ risk assessment of the financial institutions. As per the now-published measures on cyber hygiene, financial institutions must:

    • Establish and implement robust security for IT systems
    • Ensure updates are applied to address system security flaws in a timely manner
    • Deploy security devices to restrict unauthorized network traffic
    • Implement measures to mitigate the risk of malware infection
    • Secure the use of system accounts with special privileges to prevent unauthorized access
    • Strengthen user authentication for critical systems as well as systems used to access customer information

    MAS, in September 2018, had sought feedback from the public on the proposal to make this suite of cyber security measures into legally binding requirements. Financial institutions generally welcomed these measures and provided some suggestions about implementation of the requirements. These suggestions include focusing on strengthening user access to systems that store or access customer data and allowing more time for financial institutions to design, acquire, and integrate robust user authentication technology into their critical systems.

     

    Keywords: Asia Pacific, Singapore, Banking, Insurance, Securities, Cyber Resilience, Cyber Security, Cyber Risk, Technology Risk, MAS

    Related Articles
    News

    MAS Concludes Blockchain Payments Prototype Shows Commercial Potential

    MAS and Temasek jointly released a report to mark the successful conclusion of the fifth and final phase of Project Ubin, which focused on building a blockchain-based multi-currency payments network prototype.

    July 13, 2020 WebPage Regulatory News
    News

    PRA Publishes Public Working Draft of XBRL Taxonomy 1.2.0 for Insurers

    PRA published a public working draft, or PWD, of version 1.2.0 of the BoE Insurance XBRL taxonomy, along with the related technical artefacts.

    July 13, 2020 WebPage Regulatory News
    News

    CPMI Report Sets Out Building Blocks to Enhance Cross-Border Payments

    CPMI published a report that sets out nineteen building blocks for a global roadmap to improve cross-border payments.

    July 13, 2020 WebPage Regulatory News
    News

    EBA Publishes Phase 2 of Technical Package on Reporting Framework 2.10

    EBA published phase 2 of the technical package on the reporting framework 2.10, providing the technical tools and specifications for implementation of EBA reporting requirements.

    July 10, 2020 WebPage Regulatory News
    News

    APRA Updates Reporting Validation Rules in July 2020

    APRA updated the lists of the Direct to APRA (D2A) validation rules for authorized deposit-taking institutions, insurers, and superannuation entities.

    July 10, 2020 WebPage Regulatory News
    News

    PRA to Partly Apply EBA Guidelines on Disclosures for COVID Measures

    PRA updated the statement that provides guidance to regulated firms on implementation of the EBA guidelines on reporting and disclosure of exposures subject to measures applied in response to the COVID-19 crisis.

    July 10, 2020 WebPage Regulatory News
    News

    EBA Updates List of Correlated Currencies Under CRR

    EBA updated the 2019 list of closely correlated currencies that was originally published in December 2013.

    July 10, 2020 WebPage Regulatory News
    News

    ESMA Guides on Securitization Repository Data Consistency Thresholds

    ESMA published the final report on the guidelines on securitization repository data completeness and consistency thresholds.

    July 10, 2020 WebPage Regulatory News
    News

    FASB Proposes to Delay Implementation of Insurance Contracts Standard

    FASB issued a proposed Accounting Standards Update that would grant insurance companies, adversely affected by the COVID-19 pandemic, an additional year to implement the Accounting Standards Update No. 2018-12 on targeted improvements to accounting for long-duration insurance contracts, or LDTI (Topic 944).

    July 09, 2020 WebPage Regulatory News
    News

    APRA Updates Regulatory Approach to Loan Deferrals Amid COVID Crisis

    APRA updated the regulatory approach for loans subject to repayment deferrals amid the COVID-19 crisis.

    July 09, 2020 WebPage Regulatory News
    RESULTS 1 - 10 OF 5480