The Monetary Authority of Singapore (MAS) is asking local financial institutions (FIs) to enhance their measures and to strengthen operational resilience in the context of the cyber threat landscape.
Mr. Tan Yeow Seng, Chief Cyber Security Officer, MAS, said, “A cyber-attack can result in a prolonged disruption of business activities. Threats are constantly present and evolving in sophistication.”
“We cannot afford to be complacent. Financial institutions must, therefore, remain vigilant and have in place effective technology risk management practices and robust business continuity plans to ensure a prompt and effective response and recovery.”
It has announced two consultation papers on proposed changes to the Technology Risk Management (TRM) Guidelines and the Business Continuity Management (BCM) Guidelines.
MAS proposes to expand the TRM Guidelines to include guidance on effective cyber surveillance, secure software development, adversarial attack simulation, and management of cyber risks posed by the Internet of Things. The proposals were developed in close partnership with the financial industry. The MAS Cyber Security Advisory Panel, which comprises international cybersecurity thought leaders, provided valuable inputs in shaping the proposed TRM Guidelines.
MAS also proposes to update the BCM Guidelines to raise standards for FIs in the development of business continuity plans that will better account for interdependencies across FIs’ operational units and linkages with external service providers. FIs are encouraged to put in place an independent audit programme to regularly review the effectiveness of their BCM efforts.
The two Guidelines continue to emphasize the importance of risk culture and the roles of the Board of Directors and senior management in technology risk and business continuity management.
The public consultation will run from 7 March to 8 April 2019. Copies of the public consultation papers are available on the MAS website.