From 6 August 2020, Financial Institutions (FIs) must comply with a new set of requirements to raise the cyber security standards and strengthen cyber resilience of the financial sector.
These mandatory elements in the existing MAS Technology Risk Management (TRM) Guidelines include:
-
Establishing and implementing robust security for IT systems
-
Ensuring updates are applied to address system security flaws in a timely manner
-
Deploying security devices to restrict unauthorized network traffic
-
Implementing measures to mitigate the risk of malware infection
-
Securing the use of system accounts with special privileges to prevent unauthorized access
-
Strengthening user authentication for critical systems as well as systems used to access customer information
|
A concession is made for a period of 6 months from 6 August 2020 to 5 February 2021 (both dates inclusive) on implementation of multi-factor authentication if FIs meet all the following:
- Risk assessment - Identify all risks or potential risks posed by FIs’ non-compliance to implement multi-factor authentication
- Controls - Implement controls to reduce risks identified above
- Appoint a committee or member of the senior management – They must agree with the risk assessment and find the implemented controls being adequate to reduce the risks
The TRM guidelines are a set of best practices that provide financial institutions with guidance on the oversight of technology risk management, security practices and controls to address technology risks. MAS expects FIs to observe the guidelines as this is taken into account in MAS’ risk assessment of the FIs.
Penalties and repercussions of non-compliance
In case of non-compliance with the MAS TRM guidelines, the FI can have penalties and repercussions in various forms which will include:
- Reputational damage by being blacklisted or highlighted as an institution that does not comply with cyber security policies
- Penalties in the form of fines of varying degree for not meeting the various requirements provided by the guidelines
- Cancellation of license to conduct businesses activities and/or operate in Singapore
How can FIs prepare?
For a start, all FIs irrespective of system complexity should conduct a CYBER SECURITY RISK HEALTH CHECK.
|
Learn how you can simply security and compliance with CISO2SME.
|
About Stone Forest IT
Stone Forest IT has over 35 years of experience supporting mid-tier Financial Institutions (FIs) with cyber resilience and regulatory compliance. Our domain experts help clients achieve a secure and vigilant organisation through practical security solutions that integrate people, data, processes and technology within the cyber defence framework.