
New MAS Ruling to Strengthen Cyber Resilience of the Financial Industry

From 6 August 2020, Financial Institutions (FIs) must comply with a new set of requirements to raise the cyber security standards and strengthen cyber resilience of the financial sector.

These mandatory elements in the existing MAS Technology Risk Management (TRM) Guidelines include: 

    • Establishing and implementing robust security for IT systems

    • Ensuring updates are applied to address system security flaws in a timely manner

    • Deploying security devices to restrict unauthorized network traffic

    • Implementing measures to mitigate the risk of malware infection

    • Securing the use of system accounts with special privileges to prevent unauthorized access

    • Strengthening user authentication for critical systems as well as systems used to access customer information

 

A concession is made for a period of 6 months from 6 August 2020 to 5 February 2021 (both dates inclusive) on implementation of multi-factor authentication if FIs meet all the following:

  • Risk assessment - Identify all risks or potential risks posed by the FI's failure to implement multi-factor authentication
  • Controls - Implement controls to reduce the risks identified above
  • Appoint a committee or member of the senior management – They must agree with the risk assessment and find the implemented controls adequate to reduce the risks

 

The TRM guidelines are a set of best practices that provide financial institutions with guidance on the oversight of technology risk management, security practices and controls to address technology risks. MAS expects FIs to observe the guidelines as this is taken into account in MAS’ risk assessment of the FIs.



 

Penalties and repercussions of non-compliance

In case of non-compliance with the MAS TRM guidelines, an FI can face penalties and repercussions in various forms, including:

  • Reputational damage by being blacklisted or highlighted as an institution that does not comply with cyber security policies
  • Penalties in the form of fines of varying degree for not meeting the various requirements provided by the guidelines
  • Cancellation of license to conduct business activities and/or operate in Singapore

 


 

How can FIs prepare?

For a start, all FIs irrespective of system complexity should conduct a CYBER SECURITY RISK HEALTH CHECK.


 

Learn how you can simplify security and compliance with CISO2SME.

 


About RSM Stone Forest IT
RSM Stone Forest IT has over 35 years of experience supporting mid-tier Financial Institutions (FIs) with cyber resilience and regulatory compliance. Our domain experts help clients achieve a secure and vigilant organisation through practical security solutions that integrate people, data, processes and technology within the cyber defence framework. 


 

 

 
