Notice CMG-N02 Technology Risk Management
Requirements on technology risk management for capital markets entities.
Securities and Futures Act (Cap. 289) section 46 , section 46ZK , section 81R , section 101 and section 293 .
This notice applies to the following capital markets entities in Singapore:
- Approved exchanges.
- Licensed trade repositories.
- Approved clearing houses.
- Recognised clearing house operators which are incorporated in Singapore.
- Holders of a capital markets services licence.
- Recognised market operators which are incorporated in Singapore.
- Approved trustees.
It sets out requirements for a high level of reliability, availability and recoverability of critical IT systems and for service providers to implement IT controls to protect customer information from unauthorised access or disclosure.
See also:
Amendment Notes
- 03 Oct 2018
- Notice CMG-N02 (Amendment) 2018 (414.7 KB) dated 03 Oct 2018 takes effect.
- 01 Jul 2014
- Notice CMG-N02 (Amendment) 2014 (91.2 KB)dated 06 Mar 2014 takes effect.
- 21 Jun 2013
- Notice CMG-N02 takes affect.
Related to this Notice
-
NoticesLast Revised Date: 05 October 2018
Notice CMG-N01 on Reporting of Suspicious Activities and Incidents of Fraud
When to report suspicious activities and incidents of fraud.
-
CircularsPublished Date: 09 October 2015
SRD TR 03/2015: Technology Risk and Cyber Security Training for Board
Sets out MAS’ expectations on financial institutions to have in place a comprehensive technology risk and cybersecurity training programme for their board of directors and senior management.
-
CircularsPublished Date: 09 October 2015
SRD TR 03/2015 Circular on Technology Risk and Cyber Security Training for Board
-
CircularsPublished Date: 24 August 2015
SRD TR 01/2015: Circular on Early Detection of Cyber Intrusion
Guidance to all financial institutions on early detection of cyber security intrusions.
-
CircularsPublished Date: 26 September 2014
SRD TR 02/2014 IT Security Risks Posed By Personal Mobile Devices
Reminder to all financial institutions to be cognisant of the heightened security risks associated with the Bring Your Own Device (BYOD) practice.
-
FAQsPublished Date: 21 June 2013
FAQs - Notice on Technology Risk Management
Frequently asked questions about the notice on Technology Risk Management.
-
GuidelinesPublished Date: 01 June 2013
Guidelines on Risk Management Practices – Technology Risk
Risk management principles and best practice standards to guide financial institutions in managing technology risk.