MAS Updates Guidelines on Internet Banking and Technology Risk Management
Singapore, 2 June 2008...The Monetary Authority of Singapore (MAS) has updated the Internet Banking and Technology Risk Management (IBTRM) Guidelines following consultation with the industry. The Guidelines aims to assist banks in:
Establishing a sound and robust technology risk management framework;
Strengthening system security, reliability, availability and recoverability; and
Deploying strong cryptography and authentication mechanisms to protect customer data and transactions
2 The revised IBTRM Guidelines provides expanded guidance for combating cyber threats and attacks, including emerging cyber exploits such as middleman attacks . It also recommends enhanced technology risk management requirements for strengthening system, network and infrastructure security, and articulates stronger procedures for system development and security testing.
3 MAS expects the Board and senior management of banks to be responsible and accountable for managing and controlling technology risks in their banks' business operations. As part of this process, they have to continually monitor the adequacy and effectiveness of their risk management functions and security practices, as well as implement compliance and audit procedures to ensure that the measures and controls are properly observed and enforced.
4 MAS encourages financial institutions and industry associations to play a proactive role in educating customers on the benefits and risks of online financial services and products offered via the internet or other computer networks. This will help promote a security conscious environment and enhance public confidence in online financial systems.