In recent years, various technology innovations in areas such as card payment, mobile technology and system virtualisation have helped to expand financial institutions’ (FIs) business offerings and customer reach. Information technology (IT) outsourcing has also become more attractive to FIs due to the abundance of outsourcing services. Against the backdrop of an increased reliance on complex IT systems and operations in the financial sector is the heightened risk of cyber attacks and system disruptions. In this regard, FIs are expected to continue to deepen their technology risk management capabilities and be ready to handle IT security incidents and system failures.
The MAS Internet Banking and Technology Risk Management Guidelines have been revised and enhanced to better guide and address existing and emerging technology risks which confront FIs. Past circulars on endpoint security and data protection, information systems reliability, availability and recoverability etc. are now consolidated into a single set of guidelines. The new set of guidelines is now renamed as “Technology Risk Management Guidelines” to better reflect its purpose.
Together with the new guidelines, MAS has also issued a Notice which defines a set of legal requirements relating to technology risk management for FIs. These include requirements for a high level of reliability, availability and recoverability of critical IT systems and for FIs to implement IT controls to protect customer information from unauthorised access or disclosure.
If you have any queries, please email firstname.lastname@example.org.
Notices on Technology Risk Management can be accessed here.
Circular on Early Detection of Cyber Intrusion (click here to access)
Circular on Risk and Cyber Security Training For Board (click here to access)