The Monetary Authority of Singapore (MAS) has issued its revised guidelines on technology risk management to “keep pace with emerging technologies and shifts in the cyber threat landscape”, says the central bank.

The revised guidelines focus on addressing technology and cyber risks amid the growing use of cloud technologies, application programming interfaces and rapid software development by financial institutions (FIs).

According to MAS, the guidelines reinforce the importance of incorporating security controls as part of FI’s technology development and delivery lifecycle, as well as the deployment of emerging technologies.

The guidelines also came about due to the recent spate of cyber attacks on supply chains, which targeted IT service providers through the use of widely-used management software.

This, says MAS, is a “clear indication of a worsening cyber threat environment”.


Want our latest Singapore corporate news stories for FREE

Follow our Telegram, Facebook for the latest updates round the clock

SEE: MAS awards digital bank licences to two consortiums, two entities


On this, the revised guidelines have recommended that FIs establish robust processes for the timely analysts and sharing of cyber threat intelligence within the financial ecosystem. It adds that FIs should conduct cyber exercises to allow them to stress test their cyber defences by simulating attack tactics and techniques, for instance.

The revised guidelines also set out the expectation for FIs to exercise strong oversight of arrangements with third party service providers to ensure system resilience and maintain data confidentiality.

In addition, the guidelines have further stressed on the roles and responsibilities of the board of directors and senior management, including the appointment of a chief information officer and chief information security officer, who should be appointed and held accountable for managing technology and cyber risks.

On the revised guidelines, MAS’s chief cyber security officer, Tan Yeow Seng says, ““Technology now underpins most aspects of financial services. Not only are financial institutions adopting new technologies, they are also increasingly reliant on third party service providers. The revised guidelines set out MAS’ higher expectations in the areas of technology risk governance and security controls in financial institutions.”