MAS proposed changes to the guidelines on technology risk management and business continuity management. The proposed changes take into account the rapidly changing physical and cyber threat landscape and will require financial institutions to put in place enhanced measures to strengthen operational resilience. The two guidelines continue to emphasize the importance of risk culture, along with the roles of Board of Directors and senior management in technology risk and business continuity management. The comment period for the proposed guidelines ends on April 08, 2019.
Under the technology risk management guidelines, the proposed changes relate to technology risk governance and oversight, effective cyber surveillance, secure software development, and emerging technologies. The proposals were developed in close partnership with the financial industry. The MAS Cyber Security Advisory Panel (CSAP), which comprises international cyber security thought leaders, provided valuable inputs in shaping these proposals.
The second consultation is on the business continuity management guidelines, which raise standards for financial institutions in the development of business continuity plans that will better account for interdependencies across financial institutions’ operational units and linkages with external service providers. Financial institutions are encouraged to put in place an independent audit program to regularly review the effectiveness of their efforts on business continuity management.
Comment Due Date: April 08, 2019
Keywords: Asia Pacific, Singapore, Banking, Securities, Business Continuity, Technology Risk, Cyber Security, Operational Risk, Cyber Risk, Regtech, MAS
APRA issued a letter on the loss-absorbing capacity (LAC) requirements for domestic systemically important banks (D-SIBs) and published a discussion paper, along with the proposed the prudential standards on financial contingency planning (CPS 190) and resolution planning (CPS 900).
The European Commission (EC) launched a call for evidence, until March 18, 2022, as part of a comprehensive review of the macro-prudential rules for the banking sector under the Capital Requirements Regulation (CRR) and Directive (CRD IV).
The Financial Stability Board (FSB) published a report that sets out good practices for crisis management groups.
The Australian Prudential Regulation Authority (APRA) found that Heritage Bank Limited had incorrectly reported capital because of weaknesses in operational risk and compliance frameworks, although the bank did not breach minimum prudential capital ratios at any point and remains well-capitalized.
The Office of the Superintendent of Financial Institutions (OSFI) released the annual report for 2020-2021.
Through a letter addressed to the banking sector entities, the Office of the Superintendent of Financial Institutions (OSFI) announced deferral of the domestic implementation of the final Basel III reforms from the first to the second quarter of 2023.
EIOPA recently published a letter in which EC is informing the European Parliament and Council that it could not adopt the set of draft regulatory technical standards for disclosures under the Sustainable Finance Disclosure Regulation (SFDR) within the stipulated three-month period, given their length and technical detail.
The Financial Conduct Authority (FCA) published the third in a series of policy statements that set out rules to introduce the UK Investment Firm Prudential Regime (IFPR), which will take effect on January 01, 2022.
The Australian Prudential Regulation Authority (APRA) published, along with a summary of its response to the consultation feedback, an information paper that summarizes the finalized capital framework that is in line with the internationally agreed Basel III requirements for banks.
The Committee on Payments and Market Infrastructures (CPMI) and the International Organization of Securities Commissions (IOSCO) issued a consultative report focusing on access to central counterparty (CCP) clearing and client-position portability.