Notice CMG-N02 Technology Risk Management
Requirements on technology risk management for capital markets entities.
This notice applies to the following capital markets entities in Singapore:
- Approved exchanges.
- Licensed trade repositories.
- Approved clearing houses.
- Recognised clearing house operators which are incorporated in Singapore.
- Holders of a capital markets services licence.
- Recognised market operators which are incorporated in Singapore.
- Approved trustees.
It sets out requirements for a high level of reliability, availability and recoverability of critical IT systems and for service providers to implement IT controls to protect customer information from unauthorised access or disclosure.
Template for financial institutions to report incidents to MAS, including incidents relating to IT systems, cyber attacks, information loss and liquidity.
Frequently asked questions about the Notice on Technology Risk Management.
Risk management principles and best practice standards to guide financial institutions in managing technology risk.
When to report suspicious activities and incidents of fraud.
Provides guidance to financial institutions on the notification and reporting of incidents to MAS.