The Monetary Authority of Singapore (MAS) has issued its revised guidelines on technology risk management. The purpose of the revised guidelines is to help financial institutions (FIs) stay abreast with the evolving technologies that are affecting the cyber threat landscape. The revised guidelines take into account the feedback received from public consultation, the industry, and the cyber security experts in MAS’ Cyber Security Advisory Panel (CSAP).
The cyber threat landscape is becoming more and more dangerous. The revised MAS guidelines reemphasize the need to implement security controls in FIs’ technology development and delivery lifecycle. MAS expects FIs to analyse and share cyber threat intelligence with other FIs in a timely manner. Moreover, FIs must stress test their cyber security framework through simulations of new kinds of cyber attacks. Since FIs are increasingly relying on third party service providers, MAS also expects FIs to monitor and ensure the robustness of their security systems and the maintenance of data confidentiality by third party service providers.
The updated guidelines also explain the roles and responsibilities of the board of directors and senior management. The board and senior management should ensure that only experienced experts fill the posts of Chief Information Officer and Chief Information Security Officer. Moreover, board members should be knowledgeable enough to effectively monitor technology and cyber risks.
Source: Monetary Authority of Singapore