Monetary Authority of Singapore moves to strengthen technology risk management – Technologist

The Monetary Authority of Singapore is eyeing to strengthen its capability to handle technology risk by putting in place measures that would require financial institutions to develop operational resilience.

The plan is to expand its Technology Risk Management (TRM) Guidelines issued in 2013 and the Business Continuity Management (BCM) Guidelines issued in 2003.

MAS said the two guidelines continue to emphasize the importance of risk culture, and the roles of board of directors and senior management in technology risk and business continuity management.

However, the regulator sees the need to take into account the rapidly changing physical and cyber threat landscape.

“A cyber-attack can result in a prolonged disruption of business activities. Threats are constantly present and evolving in sophistication. We cannot afford to be complacent,” said Tan Yeow Seng, Chief Cyber Security Officer, MAS, in a media statement.

MAS proposes to expand the TRM Guidelines to include guidance on effective cyber surveillance, secure software development, adversarial attack simulation as well as the management of cyber risks posed by the Internet of Things (IoT).

It also proposes to update the BCM Guidelines to raise standards for FIs in the development of business continuity plans that will better account for interdependencies across

Last week, it released the consultation papers for the TRM and BCM plans, which it said were developed in close partnership with the financial industry.

The public consultation will run from 7 March to 8 April 2019.  

In a speech last January at the launch of the Cyber Risk Management (CyRiM) Project Scenario, Elean Chin, Division Head of the Monetary Authority of Singapore said that in an increasingly digitised world, cyber attacks are becoming an almost daily occurrence and one of the biggest threats to doing business.

“Asia is one of the most digital connected economic blocks, with high internet connectivity and smartphone penetration levels. Yet, cybersecurity investment and data breach protection laws remain inadequate, she said.

“As a result, Asia-Pacific saw the highest number of compromised records and security events in the first half of last year, accounting for close to 40 percent of global cybersecurity incidents and 30 percent of compromised records worldwide,” she added.

Chin said in Singapore, the Cyber Security Act came into force in August 2018, which created a regulatory framework for the monitoring and reporting of cybersecurity threats.

The initiative of MAS in updating its TRM and BCM Guidelines is a move along this goal.

Moreover, within the financial services sector, MAS has partnered the Financial Services Information Sharing and Analysis Centre (FS-ISAC) to establish its Asia Pacific Regional Analysis Centre in Singapore.

“The Regional Centre, which supports member financial institutions across nine Asia-Pacific countries, allows its members to share and receive cyber threat intelligence,” she said.