MAS Revises Tech Risk Guidelines for FIs to Combat Heightened Cyber Risks

| 22 Jan 2021

The Monetary Authority of Singapore (MAS) has revised its Technology Risk Management Guidelines to keep pace with emerging technologies and shifts in the cyber threat landscape.

The Technology Risk Management Guidelines are a set of best practices that provide financial institutions (FIs) with guidance on the oversight of technology risk management, practices and controls to address technology and cyber risks.

The revised Guidelines focus on addressing technology and cyber risks in an environment of growing use by FIs of cloud technologies, application programming interfaces, and rapid software development. The Guidelines reinforce the importance of incorporating security controls as part of FIs’ technology development and delivery lifecycle, as well as in the deployment of emerging technologies. 

The recent spate of cyber attacks on supply chains, which targeted multiple IT service providers through the exploitation of widely-used network management software, is a clear indication of a worsening cyber threat environment. The revised Guidelines set out the following enhanced risk mitigation strategies for FIs to:

  • establish a robust process for the timely analysis and sharing of cyber threat intelligence within the financial ecosystem; and

  • conduct cyber exercises to allow FIs to stress test their cyber defences by simulating the attack tactics, techniques, and procedures used by real-world attackers.

The revised Guidelines set out the expectation for FIs to exercise strong oversight of the growing arrangements with third-party service providers, to ensure system resilience as well as maintain data confidentiality and integrity. Additionally,

  • the board and senior management should ensure that a Chief Information Officer and a Chief Information Security Officer, with the requisite experience and expertise, are appointed and accountable for managing technology and cyber risks; and

  • the board should include members with the relevant knowledge to provide effective oversight of technology and cyber risks.

Mr Tan Yeow Seng, Chief Cyber Security Officer, MAS, said, “Technology now underpins most aspects of financial services. Not only are financial institutions adopting new technologies, they are also increasingly reliant on third-party service providers. The revised Guidelines set out MAS’ higher expectations in the areas of technology risk governance and security controls in financial institutions.”

Stay in the know via our complimentary weekly newsletter

Check these out:

Top cyber insurance industry predictions for 2021

New Asia-wide study recommends increased public-private cooperation to maximise the benefits of digital health technologies

6th Asia Trusted Life Agents & Advisers Awards opens for nominations