MAS revises tech risk management guidelines amid growing cyberthreats
'%3e%3cpath%20d='M20.7725%2026.9924C20.9555%2026.9924%2021.1297%2026.953%2021.2951%2026.8741C21.4604%2026.7953%2021.6346%2026.6694%2021.8177%2026.4965L27.8373%2020.8125C27.9848%2020.6752%2028.0865%2020.5353%2028.1425%2020.3929C28.1985%2020.2505%2028.2264%2020.1183%2028.2264%2019.9962C28.2264%2019.869%2028.1985%2019.7343%2028.1425%2019.5918C28.0865%2019.4494%2027.9848%2019.3095%2027.8373%2019.1722L21.8177%2013.5417C21.6142%2013.3484%2021.4375%2013.2098%2021.2875%2013.1259C21.1374%2013.042%2020.9708%2013%2020.7877%2013C20.5181%2013%2020.2981%2013.0916%2020.1278%2013.2747C19.9574%2013.4578%2019.8722%2013.6765%2019.8722%2013.9308V16.8147H19.6509C18.2827%2016.8147%2017.1014%2017.0258%2016.107%2017.448C15.1127%2017.8701%2014.2963%2018.4805%2013.658%2019.279C13.0197%2020.0776%2012.5466%2021.0402%2012.2389%2022.1668C11.9312%2023.2934%2011.7773%2024.5612%2011.7773%2025.9701C11.7773%2026.3006%2011.8575%2026.5537%2012.0177%2026.7291C12.1779%2026.9047%2012.3597%2026.9924%2012.5632%2026.9924C12.7259%2026.9924%2012.89%2026.9593%2013.0553%2026.8932C13.2206%2026.8271%2013.3693%2026.6719%2013.5016%2026.4278C13.9441%2025.5936%2014.4553%2024.9413%2015.0351%2024.4708C15.6149%2024.0004%2016.2838%2023.6685%2017.0417%2023.4752C17.7995%2023.2819%2018.6693%2023.1853%2019.6509%2023.1853H19.8722V26.0998C19.8722%2026.3591%2019.9574%2026.5728%2020.1278%2026.7406C20.2981%2026.9085%2020.513%2026.9924%2020.7725%2026.9924Z'%20fill='black'%20fill-opacity='0.85'/%3e%3c/g%3e%3crect%20x='0.5'%20y='0.5'%20width='39'%20height='39'%20rx='19.5'%20stroke='%23F2F2F2'/%3e%3cdefs%3e%3cclipPath%20id='clip0_715_28555'%3e%3crect%20width='16.4491'%20height='14'%20fill='white'%20transform='translate(11.7773%2013)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
THE Monetary Authority of Singapore (MAS) on Monday issued revised technology risk management guidelines amid "clear indication" of a worsening cyberthreat environment.
This comes after the recent spate of cyberattacks on supply chains, which targeted multiple IT service providers through the exploitation of widely-used network management software, said the regulator in a statement.
MAS said the revised guidelines focus on addressing technology and cyber risks in an environment of growing use by financial institutions (FIs) of cloud technologies, application programming interfaces and rapid software development.
The guidelines outlined enhanced risk mitigation strategies for FIs, that is, to establish a robust process for the timely analysis and sharing of cyberthreat intelligence within the financial ecosystem; and to conduct cyber exercises to allow FIs to stress test their cyber defences by simulating the attack tactics, techniques and procedures used by real-world attackers.
MAS also said that in light of FIs' growing reliance on third-party service providers, the guidelines set out the expectation for FIs to exercise strong oversight of arrangements with third-party service providers, to ensure system resilience as well as maintain data confidentiality.
Additional guidance on the roles and responsibilities of the board of directors and senior management are also included in the new guidelines.
SEE ALSO
GET BT IN YOUR INBOX DAILY
Start and end each day with the latest news stories and analyses delivered straight to your inbox.
The board and senior management should ensure that a chief information officer and a chief information security officer, with the requisite experience and expertise, are appointed and accountable for managing technology and cyber risks. The board should also include members with the relevant knowledge to provide effective oversight of technology and cyber risks, said MAS.
The revised guidelines had incorporated feedback received from a public consultation conducted in 2019, MAS's engagement with the industry and MAS's cybersecurity advisory panel.
Tan Yeow Seng, MAS chief cyber security officer, said: "Technology now underpins most aspects of financial services. Not only are financial institutions adopting new technologies, they are also increasingly reliant on third-party service providers. The revised guidelines set out MAS's higher expectations in the areas of technology risk governance and security controls in financial institutions."
KEYWORDS IN THIS ARTICLE
'/%3e%3cpath%20d='M35.1847%2014.0422L9.37867%2024.1703C8.88772%2024.363%208.86989%2025.051%209.35015%2025.2688L15.0551%2027.8567C15.2097%2027.9269%2015.327%2028.0594%2015.3778%2028.2212L17.8255%2036.0078C17.9491%2036.4009%2018.4247%2036.5534%2018.7539%2036.3054L23.0143%2033.0968C23.2178%2032.9435%2023.4961%2032.9364%2023.7072%2033.0787L30.8526%2037.8975C31.2091%2038.1378%2031.6951%2037.9339%2031.7732%2037.5114L35.9896%2014.7059C36.0747%2014.2456%2035.6206%2013.8712%2035.1847%2014.0422Z'%20fill='%23FDFEFF'/%3e%3cpath%20d='M15.3125%2027.9998L30.4162%2018.627L19.3691%2029.3628L19.548%2033.3966L18.9531%2036.1248C18.3783%2036.7236%2017.9297%2036.2772%2017.8477%2036.0662L15.3681%2028.178L15.2734%2028.0233L15.3125%2027.9998Z'%20fill='%23C8DAEA'/%3e%3cpath%20d='M18.3594%2036.4259L19.3511%2029.3447L23.519%2032.9856C23.303%2032.9612%2023.1588%2032.9863%2023.0268%2033.0859L19.0712%2036.0718C18.6289%2036.4572%2018.4297%2036.4455%2018.3594%2036.4259Z'%20fill='%23A9C9DD'/%3e%3cdefs%3e%3clinearGradient%20id='paint0_linear'%20x1='33'%20y1='7.5'%20x2='19'%20y2='36.5'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%231E96C8'/%3e%3cstop%20offset='1'%20stop-color='%2337AEE2'%20stop-opacity='0'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e)
BT is now on Telegram!
For daily updates on weekdays and specially selected content for the weekend. Subscribe to t.me/BizTimes
Banking & Finance
Abu Dhabi returns to debt market with new US dollar bond
Ping An profit falls as market declines hurt investment returns
BOJ will hike rates if trend inflation accelerates, says Ueda
Binance’s rivals muscle in on Bitcoin trading around the world
Citi picks Amit Dhawan to head Singapore commercial bank operations
China finance ministry echoes Xi’s call for bond trading at PBOC
