Singapore, 18 January 2021 The Monetary Authority of Singapore (MAS) today issued revised Technology Risk Management Guidelines (Guidelines) to keep pace with emerging technologies and shifts in the cyber threat landscape.
The revised Guidelines focus on addressing technology and cyber risks in an environment of growing use by financial institutions (FIs) of cloud technologies, application programming interfaces, and rapid software development. The Guidelines reinforce the importance of incorporating security controls as part of FIs’ technology development and delivery lifecycle, as well as in the deployment of emerging technologies.
The recent spate of cyber attacks on supply chains, which targeted multiple IT service providers through the exploitation of widely-used network management software, is a clear indication of a worsening cyber threat environment. The revised Guidelines set out the following enhanced risk mitigation strategies for FIs –
In light of FIs’ growing reliance on third party service providers, the revised Guidelines set out the expectation for FIs to exercise strong oversight of arrangements with third party service providers, to ensure system resilience as well as maintain data confidentiality and integrity.
The revised Guidelines provide additional guidance on the roles and responsibilities of the board of directors and senior management –
The revised Guidelines have incorporated feedback received from the public consultation conducted in 2019, MAS’ engagement with the industry, and MAS’ Cyber Security Advisory Panel (CSAP).1 MAS thanks all respondents for the invaluable suggestions in shaping the Guidelines.
Mr Tan Yeow Seng, Chief Cyber Security Officer, MAS, said, “Technology now underpins most aspects of financial services. Not only are financial institutions adopting new technologies, they are also increasingly reliant on third party service providers. The revised Guidelines set out MAS’ higher expectations in the areas of technology risk governance and security controls in financial institutions.”