Skip to content
Singapore skyline
Singapore skyline

News -

Monetary Authority of Singapore to gain new powers to enforce technology risk management requirements

Wayne Scott, Regulatory Compliance Solutions Lead at NCC Group

The Parliament of Singapore has passed new laws this month that will award the Monetary Authority of Singapore (MAS) with new powers to enforce technology risk management requirements for financial institutions.

Failure to comply with regulation could result in fines of up to $1 million – or even higher if several rules are broken, or if an incident impacts the financial institution’s customers or other partners, for example.

Singapore has been leading the way on promoting better operational resilience and third-party risk management in the financial services sector. The new laws follow the publication of new Technology Risk Management (TRM) guidelines last year, which required financial institutions to have risk mitigation and business continuity measures in place.

Regulating technology risk with escrow

Although not a new concept, it is vital that financial institutions consider the risks associated with increasing reliance on third-party software. The TRM guidelines lay out detailed steps financial institutions should take to mitigate the associated risk including specifically naming escrow agreements and verification testing as a viable mechanism to mitigate supplier failure. Indeed, escrow continues to be the most recommended and proportional way to regulate technology risk.

Software resilience by design no matter who develops critical software

The guidance also establishes the responsibilities of the Board of Directors and senior management in assessing and management in assessing and managing third-party network. And, sets out that where financial institutions are developing their own software in-house, they should implement and follow strict security standards – further assuring that even if a third-party provider is not used, TRM requirements are still considered.

People related risk

Setting an example for other governments to follow, the new laws go even further than before to regulate supply chain risk, by equipping the MAS with the power to issue prohibition orders to individuals who have shown themselves to be unfit to perform key roles in the industry, including those in risk management roles.

Making business continuity & risk management a priority

With technologies growing in complexity and the cyber threat landscape evolving rapidly, the approach taken by Singapore serves as a blueprint for other governments and regulators around the world to follow. For financial institutions, reviewing business continuity and risk management practices to ensure they are compliant with the guidelines should, as always, be a priority.



Press contacts

NCC Group Press Office

NCC Group Press Office

Press contact All media enquires relating to NCC Group plc +44 7824 412 405

Related content

NCC Group exists to make the world safer and more secure

In today’s threat landscape understanding the risks organisations and customers are exposed to is more important than ever.

Understanding the impact and how to be more resilient is key to protecting brand, reputation and sensitive customer information. Building a cyber-resilient organization can be a complex process but it’s not impossible.

With our knowledge, experience and global footprint, we help assess, develop and manage cyber resilience posture.

NCC Group Newsroom
XYZ Building, 2 Hardman Boulevard, Spinningfield
M3 3AQ Manchester
United Kingdom