The Monetary Authority of Singapore (MAS) will consult on those standards and on proposed Technology Risk Management Guidelines before implementation of both proposals.
The Notice on Technology Risk Management defines and enforces a set of mandatory IT requirements for the financial industry. The Notice stipulates requirements for a high level of robustness and integrity of critical IT infrastructure and systems. It also specifies the requirement for financial institutions to implement IT controls to protect customer information from unauthorised access or disclosure.
Notices impose "legally binding requirements on a specified class of financial institutions or persons", MAS said. Guidelines, such as the more general one published on technology risk management, are not binding but "specified institutions or persons are encouraged to observe the spirit of these guidelines", it said.
MAS said in the consultation paper that it particularly invited comment from industry in relation to new proposals on data centre protection and controls; mobile banking and payment security; payment card system and ATM security; and combating cyber threats.
"With the advent of mobile banking and payment services using smartphones and mobile devices in Singapore, MAS has rightly anticipated and assessed the risks associated with this new online platform by seeking to provide updated guidance to financial institutions," said Rosemary Lee, counsel at Pinsent Masons MPillay, the Singapore joint law venture partner of Pinsent Masons, the law firm behind Out-Law.com.
"This is particularly relevant in this day and age of increasing data breaches and cyber attacks," said Lee. "It is important to ensure that financial institutions can conduct mobile banking and payments offerings in the mobile channel in a technologically sound manner, say by way of appropriate authentication and authorisation controls, in order to build consumer confidence."