The MAS (Monetary Authority of Singapore) has proposed changes to its guidelines on technology risk and business continuity management in two new consultation papers.
The changes require financial institutions to put in place enhanced measures to strengthen operational resilience, taking into account the rapidly changing physical and cyber threat landscape, said a statement from the regulator.
“A cyber-attack can result in a prolonged disruption of business activities. Threats are constantly present and evolving in sophistication.We cannot afford to be complacent,” said MAS chief cyber security officer Tan Yeow Seng. “Financial institutions must therefore remain vigilant and have in place effective technology risk management practices and robust business continuity plans to ensure prompt and effective response and recovery.”
MAS proposes to expand the Technology Risk Management Guidelines to include guidance on effective cyber surveillance, assessment, testing, and incident management. It also covers secure software development, adversarial attack simulation, and management of cyber risks posed by IoT (Internet of Things) technology.
“With an evolving threat landscape and increasing reliance on technology to deliver financial services in new, innovative and efficient ways, these changes are not surprising,” said Natalie Curtis at Herbert Smith Freehills in Singapore.
“The draft guidelines require financial institutions to strengthen their cyber and operational resilience to keep ahead of potential threats. They also place a clear onus on boards and senior management to establish a strong technology risk management culture and have members who fully understand and can manage the institution’s technology risks.”
In addition, the MAS seeks to address risks from new technologies, such as APIs, smart electronic devices and virtualisation, which it says may increase cyber risk if not implemented and managed appropriately.
The proposals were developed in close partnership with the financial industry, and include inputs from the CSAP (Cyber Security Advisory Panel), which was formed in 2017 to advise MAS on cyber resilience strategies for the financial sector.
MAS also proposes to update the Business Continuity Management Guidelines to raise standards for financial institutions in the development of business continuity plans, specifically to better account for interdependencies across operational units and linkages with external service providers.
Institutions should continue to strengthen their ability to mitigate the potential impact of any attacks by identifying potential vulnerabilities and developing effective recovery plans, MAS said. They are also encouraged to put in place independent audit programmes to regularly review the effectiveness of their business continuity management efforts.
Both guidelines continue to emphasise the importance of risk culture, and the roles of board of directors and senior managers in technology risk and business continuity management.
(0)
(0)Archive
- October 2024(44)
- September 2024(94)
- August 2024(100)
- July 2024(99)
- June 2024(126)
- May 2024(155)
- April 2024(123)
- March 2024(112)
- February 2024(109)
- January 2024(95)
- December 2023(56)
- November 2023(86)
- October 2023(97)
- September 2023(89)
- August 2023(101)
- July 2023(104)
- June 2023(113)
- May 2023(103)
- April 2023(93)
- March 2023(129)
- February 2023(77)
- January 2023(91)
- December 2022(90)
- November 2022(125)
- October 2022(117)
- September 2022(137)
- August 2022(119)
- July 2022(99)
- June 2022(128)
- May 2022(112)
- April 2022(108)
- March 2022(121)
- February 2022(93)
- January 2022(110)
- December 2021(92)
- November 2021(107)
- October 2021(101)
- September 2021(81)
- August 2021(74)
- July 2021(78)
- June 2021(92)
- May 2021(67)
- April 2021(79)
- March 2021(79)
- February 2021(58)
- January 2021(55)
- December 2020(56)
- November 2020(59)
- October 2020(78)
- September 2020(72)
- August 2020(64)
- July 2020(71)
- June 2020(74)
- May 2020(50)
- April 2020(71)
- March 2020(71)
- February 2020(58)
- January 2020(62)
- December 2019(57)
- November 2019(64)
- October 2019(25)
- September 2019(24)
- August 2019(14)
- July 2019(23)
- June 2019(54)
- May 2019(82)
- April 2019(76)
- March 2019(71)
- February 2019(67)
- January 2019(75)
- December 2018(44)
- November 2018(47)
- October 2018(74)
- September 2018(54)
- August 2018(61)
- July 2018(72)
- June 2018(62)
- May 2018(62)
- April 2018(73)
- March 2018(76)
- February 2018(8)
- January 2018(7)
- December 2017(6)
- November 2017(8)
- October 2017(3)
- September 2017(4)
- August 2017(4)
- July 2017(2)
- June 2017(5)
- May 2017(6)
- April 2017(11)
- March 2017(8)
- February 2017(16)
- January 2017(10)
- December 2016(12)
- November 2016(20)
- October 2016(7)
- September 2016(102)
- August 2016(168)
- July 2016(141)
- June 2016(149)
- May 2016(117)
- April 2016(59)
- March 2016(85)
- February 2016(153)
- December 2015(150)
