MAS Consults on Technology Risk Management Guidelines and Notice
Singapore, 13 June 2012... The Monetary Authority of Singapore (MAS) today released two consultation papers on Technology Risk Management (TRM).
2 The first paper is a set of enhanced guidelines on technology risk management and the adoption of sound security practices. The second paper is a Notice on Technology Risk Management which sets out the legal requirements for financial institutions.
3 The TRM Guidelines have been enhanced from the existing Internet Banking and Technology Risk Management Guidelines (IBTRM). A workgroup of IT security specialists from the major banks and technology experts provided input to MAS in the drafting stage. The enhanced guidelines provide guidance on the oversight of technology risk management and security practices of financial institutions to address technology risks to the financial industry. The guidelines will apply to all financial institutions, compared to IBTRM which focused primarily on the banking sector.
4 In addition, MAS is proposing to issue a Notice on Technology Risk Management to define and enforce a set of mandatory IT requirements for the financial industry. The Notice stipulates requirements for a high level of robustness and integrity of critical IT infrastructure and systems. It also specifies the requirement for financial institutions to implement IT controls to protect customer information from unauthorised access or disclosure.