Technology and Cyber Resilience

MAS issued revised Technology Risk Management Guidelines to keep pace with emerging technologies and shifts in the cyber threat landscape

18 January 2021

MAS’ Technology Risk Management Guidelines were enhanced to address technology and cyber risks related to increasing use of cloud technologies, application programming interfaces and rapid software development within the financial sector. The revised Guidelines also provided guidance on the management of third-party services, and emphasised the roles of the board of directors and senior management in ensuring the stability of the technology function and the cyber resilience of the financial institutions (FIs).

MAS consulted on new rules aimed at addressing the risk of impersonation fraud

10 November 2020

The proposed Notice, which is targeted for publication by end 2021, would prescribe the types of information FIs must use to verify an individual during non-face-to-face contact such as phone banking. In particular, common personal information such as NRIC number, residential address and date of birth, must not be used as the sole means to verify the identity of a customer.

MAS’ Cyber Security Advisory Panel (CSAP) shared insights and recommendations on cyber risks in the new operating environment amid COVID-19 and emerging technologies

10 November 2020

Key recommendations from the CSAP included the need for FIs to assess if their existing risk profiles have changed and remain acceptable, so as to ensure that appropriate controls are implemented to mitigate any new risks in the long run. The recommendations also included the need for FIs to maintain oversight of third-party vendors and their controls; and the need to strengthen their governance over the use of open-source software.