Notice CMG-N02 Technology Risk Management
Requirements on technology risk management for capital markets entities.
Securities and Futures Act (Cap. 289) section 46 , section 46ZK , section 81R , section 101 and section 293 .
This notice applies to the following capital markets entities in Singapore:
- Approved exchanges.
- Licensed trade repositories.
- Approved clearing houses.
- Recognised clearing house operators which are incorporated in Singapore.
- Holders of a capital markets services licence.
- Recognised market operators which are incorporated in Singapore.
- Approved trustees.
It sets out requirements for a high level of reliability, availability and recoverability of critical IT systems and for service providers to implement IT controls to protect customer information from unauthorised access or disclosure.
See also:
Amendment Notes
- 03 Oct 2018
- Notice CMG-N02 (Amendment) 2018 (414.7 KB) dated 03 Oct 2018 takes effect.
- 01 Jul 2014
- Notice CMG-N02 (Amendment) 2014 (91.2 KB)dated 06 Mar 2014 takes effect.
- 21 Jun 2013
- Notice CMG-N02 takes affect.
Related to this Notice
-
FAQsLast Revised Date: 05 May 2023
FAQs - Notice on Technology Risk Management
Frequently asked questions about the Notice on Technology Risk Management.
-
GuidelinesPublished Date: 18 January 2021
Guidelines on Risk Management Practices – Technology Risk
Risk management principles and best practice standards to guide financial institutions in managing technology risk.
-
NoticesLast Revised Date: 05 October 2018
Notice CMG-N01 on Reporting of Suspicious Activities and Incidents of Fraud
When to report suspicious activities and incidents of fraud.
-
Forms and TemplatesPublished Date: 21 June 2013
Instructions on Incident Notification and Reporting to MAS
Provides guidance to financial institutions on the notification and reporting of incidents to MAS.
-
Forms and TemplatesPublished Date: 21 June 2013
Incident Reporting Template
Template for financial institutions to report incidents to MAS, including incidents relating to IT systems, cyber security, information loss and liquidity.