MAS tightens guidelines for financial institutions to better manage service disruptions
TO strengthen financial institutions’ (FIs) responses to service disruptions, the Monetary Authority of Singapore (MAS) has tightened its guidelines for the sector.
It now requires FIs to set out recovery times and strategies for critical services, to undertake audits of their business continuity management frameworks, and to establish a crisis management structure with clearly defined roles, among other things.
Establishing a target duration of time to restore specific business services from the point of disruption will help these institutions prioritise resources and monitor the recovery progress during a disruption, the MAS set in a revised set of guidelines released on Monday (Jun 6).
The FIs should also identify critical business functions. Examples include cash transactions at a bank, payments clearing and settlement, insurance claims and policy renewals, and cross-border fund transfers.
FIs should also map out “end-to-end dependencies” covering the people, processes, technology, and other resources that support each critical service.
They should have measures in place that enable third-party service providers to meet the target recovery times, such as by establishing and regularly reviewing operational level or service level agreements that set out recovery expectations. Other such measures include conducting audits on third parties and performing joint tests.
BT in your inbox
Start and end each day with the latest news stories and analyses delivered straight to your inbox.
The new guidelines come amid increased digitalisation in the financial sector and also take into acocunt learnings from the sector’s handling of the Covid-19 pandemic, MAS said.
It also comes after several widespread disruptions in Singapore’s banking sector. For instance, DBS’ digital banking services suffered a 2-day outage in November last year, while UOB’s Internet and mobile banking services were down for a 2-hour stretch in July last year.
“Against the backdrop of an increasingly volatile and complex environment, the new guidelines will help financial institutions to take an agile and holistic approach in sustaining their critical business services when faced with threats and risk of disruption,” said MAS’ assistant managing director for technology Vincent Loy.
The revised guidelines will take effect on Jun 6, 2023.
Under the new guidelines, FIs should also conduct regular audits, tests, and industry exercises. The first independent audit of their business continuity plans — which should be undertaken every 3 years — is due by Jun 6, 2024.
FIs should also take steps to mitigate concentration risks.
In particular, the board and senior management in each institution are responsible for the FI’s business continuity and should provide leadership in establishing strong governance over its business continuity management plans, MAS said.
Copyright SPH Media. All rights reserved.
