Regulated financial and insurances businesses in Singapore (FIs) must take additional compliance steps when managing their IT infrastructure and vendors, under the updated Technology Risk Management Guidelines recently introduced by the Monetary Authority of Singapore (MAS).
In particular, there is a greater emphasis on managing cyber risk and on closer regulation of IT vendors. The update to the Guidelines comes at a time when cyber threats and cyber attacks are becoming increasingly common.
Key updates to the Guidelines include the following:
Extended Roles and Responsibilities of the Board of Directors and Senior Management
The Board of Directors and senior management of FIs now have significantly greater responsibility for managing technology risk.
Among other things, the Guidelines recommend appointing a Chief Information Officer and a Chief Information Security Officer to manage the FI’s technology and cyber risks. In addition, senior management and the Board should include members who have the requisite skillset and experience for managing and overseeing the FI’s technology strategy and risks.
Assessments of Technology Vendors
Although due diligence and monitoring…
