Recognising the worsening environment of cyber threats while financial institutions (FIs) expand their adoption of emerging technologies to increase their operational efficiency and to deliver better customer service, the revised TRM Guidelines focus on the following:
- Board and Senior Management. Introduction of additional guidance on the roles and responsibilities of the Board of Directors and Senior Management (BSM)
- Management of third parties. Introduction of more stringent assessments of third-party vendors and entities that access the FI’s IT systems
- System and software development. Introduction of monitoring, testing, reporting and sharing of cyber threats within the financial ecosystem
We summarise on a non-exhaustive basis below, three broad categories of amendments and MAS’ higher expectations in the areas of technology risk governance and security controls in FIs.
Summary of new provisions
Many of the expectations in the revised TRM Guidelines are taken from the 2013 edition. To prevent fraudulent financial transactions, exfiltration of sensitive financial data or disruption of vital IT systems, we summarise and contrast against the 2013 edition, below, MAS’ enhanced…