The new rules aim to address technology and cyber risks of the financial institutions as they increasingly deploy cloud technologies, APIs, and rapid software development
The Monetary Authority of Singapore (MAS) has announced revised technology risk management guidelines for financial institutions to better prevent cyber risks.
The new rules aim to address technology and cyber risks of the financial institutions as they increasingly deploy cloud technologies, application programming interfaces (APIs), and rapid software development.
MAS stated that the revised guidelines come after a series of cyber attacks on supply chains that targeted several IT services firms by taking advantage of widely-used network management technology.
The regulator termed this as a ‘clear indication’ of a worsening cyber threat environment.
The revised guidelines aim to direct financial institutions to set up an effective process for the timely analysis and sharing of cyber threat insights within the financial ecosystem.
Furthermore, financial institutions will have to perform cyber exercises that allow them to stress test their cyber defences.
MAS said that the new rules will provide additional guidance on the roles and responsibilities of the board of directors and senior management of the institutions.
Under the new rules, the board and senior management should appoint a chief information officer and a chief information security officer, with the required experience and expertise, and make them accountable for managing technology and cyber risks.
Also, the board should comprise members with the required knowledge to provide effective oversight of cyber risks.
Commenting on the new guidelines, MAS chief cyber security officer Tan Yeow Seng said: “Technology now underpins most aspects of financial services. Not only are financial institutions adopting new technologies, but they are also increasingly reliant on third-party service providers.
“The revised Guidelines set out MAS’ higher expectations in the areas of technology risk governance and security controls in financial institutions.”