Singapore, 26 May 2022... The Monetary Authority of Singapore (MAS) has imposed an additional capital requirement, of approximately S$330 million, on OCBC Bank (OCBC), given deficiencies in the bank’s response to a wave of spoofed SMS phishing scams in December 2021. OCBC is required to apply a multiplier of 1.3 times...
MAS Consults on Proposed Enhancements to Technology Risk and Business Continuity Management Guidelines
Singapore, 7 March 2019… The Monetary Authority of Singapore (MAS) today released two consultation papers on proposed changes to the Technology Risk Management (TRM) Guidelines and the Business Continuity Management (BCM) Guidelines. The changes will require financial institutions (FIs) to put in place enhanced measures to strengthen operational resilience. These take into account the rapidly changing physical and cyber threat landscape.
2 MAS proposes to expand the TRM Guidelines to include guidance on effective cyber surveillance, secure software development, adversarial attack simulation
3 MAS also proposes to update the BCM Guidelines to raise standards for FIs in the development of business continuity plans that will better account for interdependencies across FIs’ operational units and linkages with external service providers. FIs are encouraged to put in place an independent audit programme to regularly review the effectiveness of their BCM efforts.
4 The two Guidelines continue to emphasise the importance of risk culture, and the roles of Board of Directors and senior management in technology risk and business continuity management.
5 Mr Tan Yeow Seng, Chief Cyber Security Officer, MAS, said, “A cyber-attack can result in a prolonged disruption of business activities. Threats are constantly present and evolving in sophistication. We cannot afford to be complacent. Financial institutions must therefore remain vigilant and have in place effective technology risk management practices and robust business continuity plans to ensure prompt and effective response and recovery."
6 The public consultation will run from 7 March to 8 April 2019. Copies of the public consultation papers are available on the MAS website: and . MAS welcomes feedback from FIs and other interested parties on the proposed changes to the Guidelines.
The TRM Guidelines were issued in 2013 to provide financial institutions with guidance on the oversight of technology risk management, security practices and controls to address technology risks.
The BCM Guidelines were first issued to the financial industry in June 2003, with a focus on the organisational response and recovery process to minimise the impact of business disruptions. Subsequently, an addendum was issued in January 2006 to provide further guidance on measures to mitigate the impact of influenza pandemic and security threats arising from terrorism.
The extent and degree to which an FI implements the Guidelines should be commensurate with the nature, size and complexity of its business operations.