Featured Product

    MAS Sets Out Good Practices to Manage Operational Risks Amid COVID

    March 02, 2021

    MAS and The Association of Banks in Singapore (ABS) jointly issued a paper that sets out good practices for the management of operational and other risks stemming from new work arrangements adopted by financial institutions amid the COVID-19 pandemic. The paper covers operational risks associated with outsourcing and other third-party arrangements, along with risks in the areas of information/data governance, cybersecurity, fraud and staff misconduct, and legal and regulatory compliance. The paper shares good practices adopted by financial institutions to mitigate such risks and encourages institutions to adopt these risk-mitigation practices on a risk-proportionate basis, according to their risk profiles and business activities. The mitigation practices set out in the paper are also applicable to non-bank financial institutions.

    The paper predominantly focuses on the areas of risks where changes, due to remote working, have a direct impact on the risks and risk management challenges faced by financial institutions (referred to as direct risks). However, poorly managed direct risks of remote working could lead to heightened risks in areas that may not be directly impacted by remote working (referred to as indirect risks). The paper provides examples of indirect credit, market, and reputational risks. For instance, changes in validation processes that are conducted for credit assessment and monitoring purposes, such as replacement of customer site visits (for example, to ascertain existence of collateral pledged) with customer calls, could affect the ability of a financial institution to identify red flags in customer circumstances. The paper sets out the key actions that financial institutions are encouraged to adopt to manage remote working risks and these actions include the following:

    • With respect to establishing appropriate internal control mechanisms, financial institutions are encouraged to implement compensating controls to manage identified risks within risk appetite statements approved by Board and senior management. Financial institutions are also encouraged to adopt robust change management procedures so that staff members understand and implement the new processes and controls as intended.
    • With respect to outsourcing and other third-party arrangements, financial institutions should evaluate changes to vendor risk profiles with remote working, such as by assessing vendors’ remote working controls and operational resilience. Financial institutions should also implement appropriate safeguards and contingency plans to ensure continuity of services.
    • For appropriate data/information governance, financial institutions should assess the risks and implications of information loss when determining which activities can be performed remotely. Financial institutions need to strengthen preventive and detective controls to mitigate these risks.
    • To mitigate cyber risk, financial institutions are encouraged to implement controls to ensure that remote working infrastructure of staff, including personal devices, are secured. Financial institutions should also continue to adopt sound and robust technology risk management practices, to manage hardware and software deployed to facilitate large-scale remote working, including during the pandemic.

    Keywords: Asia Pacific, Singapore, Banking, Insurance, Securities, COVID-19, Operational Risk, Operational Resilience, Technology Risk, Cyber Risk, Outsourcing Arrangements, Internal Controls, MAS

    Related Articles
    News

    APRA Publishes Results of Climate Risk Self-Assessment Survey

    The Australian Prudential Regulation Authority (APRA) has published the findings of its latest climate risk self-assessment survey conducted across the banking, insurance, and superannuation industries.

    August 04, 2022 WebPage Regulatory News
    News

    ACPR Publishes Updates Related to CRD IV and Covered Bonds

    The French Prudential Supervisory Authority (ACPR) published a notice related to the methods for calculating and publishing prudential ratios under the Capital Requirements Directive (CRD IV) and the minimum requirement for own funds and eligible liabilities (MREL).

    August 03, 2022 WebPage Regulatory News
    News

    BIS Paper Contributes to Debate on Regulating NBFIs and Big Techs

    The Financial Stability Institute (FSI) of the Bank for International Settlements recently published a paper proposing a framework for classifying financial stability regulation as either entity-based or activity-based.

    August 03, 2022 WebPage Regulatory News
    News

    EIOPA Publishes Guidance on Climate Change Scenarios in ORSA

    The European Insurance and Occupational Pension Authority (EIOPA) published the risk dashboard based on Solvency II data and the final version of the application guidance on climate change materiality assessments and climate change scenarios in the Own Risk and Solvency Assessment (ORSA).

    August 02, 2022 WebPage Regulatory News
    News

    EBA and ECB Respond to Proposals on Sustainability Disclosures

    The European Banking Authority (EBA) and the European Central Bank (ECB) published their responses to the consultations of the International Sustainability Standards Board (ISSB) and the European Financial Reporting Advisory Group (EFRAG) on sustainability-related disclosure standards.

    August 01, 2022 WebPage Regulatory News
    News

    BIS Report Notes Existing Gaps in Climate Risk Data at Central Banks

    A Consultative Group on Risk Management (CGRM) at the Bank for International Settlements (BIS) published a report that examines incorporation of climate risks into the international reserve management framework.

    July 29, 2022 WebPage Regulatory News
    News

    EBA Publishes Multiple Regulatory Updates for Regulated Entities

    The European Banking Authority (EBA) published the final guidelines on liquidity requirements exemption for investment firms, updated version of its 5.2 filing rules document for supervisory reporting, and Single Rulebook Question and Answer (Q&A) updates in July 2022.

    July 29, 2022 WebPage Regulatory News
    News

    EIOPA Issues SII Taxonomy and Guide on Sustainability Preferences

    The European Insurance and Occupational Pensions Authority (EIOPA) published Version 2.8.0 of the Solvency II data point model (DPM) and XBRL taxonomy.

    July 29, 2022 WebPage Regulatory News
    News

    EESC Opines on Proposals on CRR and European Single Access Point

    The European Union published, in the Official Journal of the European Union, an opinion from the European Economic and Social Committee (EESC); the opinion is on the proposal for a regulation to amend the Capital Requirements Regulation (CRR).

    July 29, 2022 WebPage Regulatory News
    News

    HM Treasury Publishes Multiple Regulatory Updates in July 2022

    HM Treasury published a draft statutory instrument titled “The Financial Services (Miscellaneous Amendments) (EU Exit) Regulations 2022,” along with the related explanatory memorandum and impact assessment.

    July 29, 2022 WebPage Regulatory News
    RESULTS 1 - 10 OF 8423