MAS' position on technology risk management may be a windfall for technology providers
Is the regulator striking the right balance between the needs of the financial services industry versus technology providers? July 16, 2012 | Carol WheatcroftOn June 13th, Monetary Authority of Singapore (MAS) entered a one-month consultation period with financial institutions after issuing a consultation paper on the Guidelines for Technology Risk Management which invited interested parties to provide comment and feedback about the wide-ranging proposals contained within the paper. At the same time, the regulator issued a Notice to financial institutions including banks, insurers, brokers, money changers which contained a draft of legally binding requirements that is to be implemented for technology risk management provision once the consultation has been completed. There is a difference between a MAS guideline and a notice. MAS defines Guidelines as a set of principles or “best practice standards” that govern the conduct of specified institutions or persons. Contravention is not a criminal offence but the regulator encourages institutions to follow the guidelines. Notices are a regulatory notch higher as they impose legally binding requirements, contravention of which could be specified as a criminal offence by MAS. The technology risk management guidelines prescribe ‘best practice standards’ in relation to people, processes and procedures, laying out in very clear language what the regulator expects from financial institutions in terms of managing their technology risk practices in relation to the following areas: By issuing a notice in conjunction with the guidelines, the regulator is requiring regulated institutions to put a framework and processes in place to identify and maintain critical systems and report major incidences including reasons for system failure. The regulator is also stipulating that financial institutions must establish ... Please login to read the complete article. If you already have an account, you can login now or subscribe/register.
Categories: Operational Risk & Security, Regulation, Risk and Regulation, Technology & OperationsOperationalRiskSecurity,riskregulation,Risk and Regulation,technology, Operational Risk & Security,Regulation,Risk and Regulation,Technology & Operations, Keywords:MAS, APRA, Technology Risk Management, RTO MAS, APRA, Technology Risk Management, RTO
|