The Monetary Authority of Singapore released two consultation papers on proposed changes to the Technology Risk Management (TRM) Guidelines and the Business Continuity Management (BCM) Guidelines yesterday – 7 March 2019.
The changes will require financial institutions’ to put in place enhanced measures to strengthen operational resilience. These take into account the rapidly changing physical and cyber threat landscape. The public consultation will run from 7 March to 8 April 2019
MAS proposes guidelines to include cyber security
MAS proposes to expand the TRM Guidelines to include guidance on effective cyber surveillance, secure software development, adversarial attack simulation, and management of cyber risks posed by the Internet of Things. The proposals were developed in close partnership with the financial industry.
Mr Tan Yeow Seng, Chief Cyber Security Officer, MAS, said, “A cyber-attack can result in a prolonged disruption of business activities. Threats are constantly present and evolving in sophistication. We cannot afford to be complacent. Financial institutions must therefore remain vigilant and have in place effective technology risk management practices and robust business continuity plans to ensure prompt and effective response and recovery.”
The MAS Cyber Security Advisory Panel (CSAP) which comprises international cyber security thought leaders, provided valuable inputs in shaping the proposed TRM Guidelines.
The Guidelines continue to emphasise the importance of risk culture, and the roles of Board of Directors and senior management in technology risk and business continuity management.
MAS guidelines to raise standards of financial institutions
MAS also proposes to update the BCM Guidelines to raise standards for FIs in the development of business continuity plans that will better account for interdependencies across FIs’ operational units and linkages with external service providers.
FIs are encouraged to put in place an independent audit programme to regularly review the effectiveness of their Business Continuity Management efforts.