Singapore, 5 December 2013 … MAS has been actively engaging Standard Chartered Bank (SCB) on the theft of some of its clients’ bank statements. The theft occurred at a third party service provider which SCB engaged to print these statements.

2   The bank has confirmed to MAS that this incident has not compromised the bank’s own IT systems or infrastructure. We will review SCB’s investigation report and consider if regulatory action against the bank is warranted.

3   Globally, financial institutions (FIs) have been facing an increasing number and variety of cyber threats.  MAS takes a serious view of such threats and has stringent requirements in place for FIs to protect the security of their IT systems and confidentiality of their client data. These include regular vulnerability assessments and penetration tests. They also include external audits of the effectiveness of their controls. These requirements apply regardless of whether such client data are processed in-house or at third party service providers.

4   The recent theft at SCB is an isolated case, but underscores the need for heightened vigilance in FIs, including close management of risks pertaining to service providers.

5   MAS has reminded all FIs to heighten their vigilance to safeguard their IT systems and customer information, including controls at third party service providers. MAS is paying special supervisory attention to FIs’ compliance with MAS’ requirements for IT outsourcing.