1 / 12

Navigating MAS TRM

Navigating MAS TRM. Fran Howarth Senior analyst Bloor Research. The importance of Singapore. Singapore as a financial centre. Singapore’s value proposition as a financial centre rests on: Smart regulation A diverse ecosystem A pan-Asian focus A deep talent pool. Overview.

lucinda-adriano
Download Presentation

Navigating MAS TRM

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Navigating MAS TRM Fran Howarth Senior analyst Bloor Research

  2. The importance of Singapore

  3. Singapore as a financial centre Singapore’s value proposition as a financial centre rests on: • Smart regulation • A diverse ecosystem • A pan-Asian focus • A deep talent pool

  4. Overview • Guidelines were issued June 2013 • They are effective as of 1st July 2014 Although they are not legally binding, non-compliance can result in: • Financial penalties • Reputational damage • Revocation of licence to operate in Singapore

  5. Who does MAS TRM apply to? • Any financial institution that does, or want to do, business in Singapore—the main financial hub in Asia • Commercial banks, merchant banks, finance companies, insurance, securities, futures and fund management, financial advisers, money brokers, money changing and remittance businesses, business trusts, trust companies, payment and settlement systems • Includes all IT systems—previously just for online services

  6. Why is it needed • Increasing reliance on complex IT systems • Increased risk of security incidents and system failures • Need to address existing and emerging technology risks • Prevent attacks by rogue insiders

  7. Main principles Risk management principles and best practice standards: • Establish a sound and robust technology risk management framework • Strengthen system security, reliability, resiliency and recoverability • Deploy strong authentication to protect customer data, transactions and systems

  8. What the guidelines cover • Oversight of technology risks by board of directors and senior management • Technology risk management framework • Management of IT outsourcing risks • Acquisition and development of information systems • IT service management • Systems reliability, availability and recoverability • Operational infrastructure security management • Data centres protection and controls • Access control • Online financial services • Payment card security (ATMs, credit and debit cards) • IT audit

  9. What is legally binding: TRM Notices • Establish a framework and process to identify critical systems, whereby the failure of which will cause significant disruption to operations or materially impact customers • Ensure that maximum unscheduled downtime for each critical system does not exceed a total of four hours in any 12 month period • Notify MAS within one hour upon discovery of system malfunctions or security incidents • Submit root cause and impact analysis report to MAS within 14 days of the discovery of a system malfunction or an IT security incident

  10. Managing internal threats • Never alone principle • Segregation of duties principle • Access control principle

  11. Managing external risks • Manage the attack surface and protect from outsiders • Protection for network, endpoints, cloud and virtual resources • Identify security threats and vulnerabilities, prioritise threats, manage, remediate and report on risk

  12. Recommendations • Establish a checklist of: • All key IT-related matters and decisions, which the board and senior management must oversee • Key issues or matters to be considered • Key contractual terms for negotiation of future IT contracts • Establish a dedicated compliance team • Establish a dedicated incident preparedness and response team Source: Pinsent Masons MPillay

More Related