This notice applies to the following capital markets entities in Singapore:
- all approved exchanges;
- all recognised market operators which are incorporated in Singapore;
- all licensed trade repositories;
- all approved clearing houses;
- all recognised clearing houses which are incorporated in Singapore;
- the Depository;
- all approved holding companies;
- all holders of a capital markets services licence;
- all Registered Fund Management Companies, as defined in regulation 2 of the Securities and Futures (Licensing and Conduct of Business) Regulations;
- all authorised benchmark administrators;
- all authorised benchmark submitters;
- all designated benchmark submitters; and
- all persons who are approved under section 289 of the Act to act as a trustee of a collective investment scheme which is authorised under section 286 of the Securities and Futures Act and constituted as a unit trust.
It sets out cyber security requirements on securing administrative accounts, applying security patching, establishing baseline security standards, deploying network security devices, implementing anti-malware measures and strengthening user authentication.