sg logo
mas logo
  Contact Info | Feedback | Sitemap
Search
Advanced Search
left sky
mas building
For Financial Institutions
For Researchers/Analysts
For Students
For Journalists
For Consumers
blank
arrow MONEYSENSE
arrow MASNET
arrow OPERA
arrow SGS
arrow SIC

Home > Regulations & Licensing > Banks & Merchant Banks > Banks Guidelines

print

Internet Banking and Technology Risk Management Guidelines
June 2008

MAS has updated the Internet Banking and Technology Risk Management Guidelines (IBTRM), following industry-based consultation and collaboration.

Internet banking systems and related online technologies have become increasingly complex, sophisticated and diverse. Web applications, server platforms, operating systems, gateways, routers, switches and network connectivities have inter-operated in a variety of ways which escalate and exacerbate cyber security risks.

The new version of IBTRM contains expanded guidance for combating cyber threats and attacks, including emerging cyber exploits. Technology risk management requirements for strengthening system, network and infrastructure security have also been enhanced.

Banks offering or delivering products and services via the internet or other telecommunication networks are expected to implement systems, procedures and processes to achieve the following objectives:

 a.

Establish a sound and robust technology risk management framework.

 b.

Strengthen system security, reliability, availability and recoverability.

 c.

Deploy strong cryptography and authentication mechanisms to protect customer data and transactions.

The Board and senior management are responsible for establishing sound and robust risk management policies and control systems in their banks' business operations. As part of this process, they have to continually monitor the adequacy and effectiveness of their risk management functions and security practices, as well as implement compliance and audit procedures to ensure that the measures and controls are properly observed and enforced. MAS will continue to appraise the adequacy of banks' risk management practices and internal control systems and processes.

MAS encourages financial institutions and industry associations to play a proactive role in educating customers on the benefits and risks of online financial services and products offered via the internet or other computer networks. Public confidence in online financial systems is enhanced through a process of disclosure of the high standards of risk management and security practices prevailing in the industry.

Comments on our guidelines can be forwarded to:
Mr Tony Chew, Director, Technology Risk Supervision
Monetary Authority of Singapore
10 Shenton Way MAS Building, Singapore 079117

email : tonychew@mas.gov.sg

IBTRM is available as a PDF file Download PDF File (PDF, 335KB).

Compliance Checklist for Internet Banking and Technology Risk Management Guidelines - IBTRMChecklist (Doc, 756KB). 

Note: IBTRM was issued in Mar 2001 and updated in July 2001, Sep 2002,  Jun 2003 and Jun 2008.

 
chart pic
Last modified on 24/7/2008
Privacy Statement | Terms of Use | Rate This Site Best viewed using IE 6.0+ at 1024x768 resolution 
Copyright © 2008 Monetary Authority of Singapore