Reed Smith Client Alerts

On 7 March 2019, the Monetary Authority of Singapore (MAS) published two consultation papers (CPs) proposing changes to its Technology Risk Management Guidelines (TRM Guidelines) and Business Continuity Management Guidelines (BCM Guidelines). This client alert outlines the key changes proposed, the likely impact on financial institutions (FIs) and the practical steps FIs should take in preparation for the changes.

Auteurs: Hagen Rooke Charmian Aw Peter Zaman Carolyn Chia (Resource Law LLC), Tania Teng (Resource Law LLC)

Background

The TRM Guidelines and BCM Guidelines, which apply to all types of FI in Singapore, aim to promote best-practice standards for FIs in the management of technology risk and business disruption risk. While contravention of these guidelines is not a criminal offence and does not attract civil penalties, FIs are encouraged to observe the spirit of these guidelines, and the degree of observance by an FI may have an impact on the MAS’ overall risk assessment of that FI.

The CPs issued on 7 March 2019 propose that FIs further enhance their operational resilience, and are driven in large part by the emergence of new risks since the TRM Guidelines and BCM Guidelines were issued (in 2013 and 2003 respectively), such as cyber threats and risks arising from the Internet of Things.1 These proposals confirm the MAS’ continued focus on cyber risks and coincide with the creation of a new MAS Technology Group, which has a mandate to drive digital transformation, enable an integrated approach to providing technology solutions and systems, and strengthen supervision of technology risks.

The proposals in the CPs have already received initial industry input, notably from the MAS Cyber Security Advisory Panel, which comprises international cyber security thought leaders.