Singapore authority publishes new financial services cyber guidance

Out-Law News | 20 Jan 2021 | 2:33 am | 1 min. read

The Monetary Authority of Singapore (MAS) has issued revised guidelines to financial institutions to help them address cyber-attack risks.

The revision follows recent cyberattacks globally and, according to MAS, focuses on how to tackle technology and cyber risks in financial institutions.

The guidelines apply to banks, payment services companies, and trading and insurance firms. Financial institutions are required to have strong oversight of the third party service providers and technology vendors.

Financial institutions should assess and manage the technology risks that could affect a third party's systems and data security before signing any agreement or partnership.

They should also ensure that third party and open source software code is reviewed and tested before being integrated into their own software. They also need to conduct cyber drills to stress test their cyber defences.

The revised version provides additional guidance on the roles and responsibilities of the board of directors and senior management in financial institutions. They should appoint a chief information officer and a chief information security officer who are experts on technology and cyber risks management. The board must also have members who know how to manage technology and cyber risks.

Technology expert Bryan Tan of Pinsent Masons MPillay, the Singapore joint law venture between MPillay and Pinsent Masons, the law firm behind Out-Law, said: “Supply chain vulnerabilities which were identified for the last two years as being an area of concern have hit home hard recently. Therefore, the regulations have now pivoted to cover off these new threats. In addition, the trend to increase investment in the cyber human capital continues with more recommendations on the experience required at board level.”