Cookies on Pinsent Masons website

This website uses cookies to allow us to see how the site is used. The cookies cannot identify you. If you continue to use this site we will assume that you are happy with this

If you want to use the sites without cookies or would like to know more, you can do that here.

Singapore's MAS sets out IT security standards for financial institutions

The Singapore financial services regulator has published the IT security standards that financial services companies operating there must adhere to. 14 Jun 2012

The Monetary Authority of Singapore (MAS) will consult on those standards and on proposed Technology Risk Management Guidelines before implementation of both proposals.

The Notice on Technology Risk Management defines and enforces a set of mandatory IT requirements for the financial industry.  The Notice stipulates requirements for a high level of robustness and integrity of critical IT infrastructure and systems. It also specifies the requirement for financial institutions to implement IT controls to protect customer information from unauthorised access or disclosure.

Notices impose "legally binding requirements on a specified class of financial institutions or persons", MAS said. Guidelines, such as the more general one published on technology risk management, are not binding but "specified institutions or persons are encouraged to observe the spirit of these guidelines", it said.

MAS said in the consultation paper that it particularly invited comment from industry in relation to new proposals on data centre protection and controls; mobile banking and payment security; payment card system and ATM security, and combating cyber threats.

"With the advent of mobile banking and payment services using smartphones and mobile devices in Singapore, MAS has rightly anticipated and assessed the risks associated with this new online platform by seeking to provide updated guidance to financial institutions," said Rosemary Lee, counsel at Pinsent Masons MPillay, the Singapore joint law venture partner of Pinsent Masons, the law firm behind Out-Law.com.

"This is particularly relevant in this day and age of increasing data breaches and cyber attacks," said Lee. "It is important to ensure that financial institutions can conduct mobile banking and payments offerings in the mobile channel in a technologically sound manner, say by way of appropriate authentication and authorisation controls, in order to build consumer confidence."

Recent Financial Services Experience

Join My Out-Law

  • See only the content that matters to you
  • Tailor Out-Law to your exact needs
  • Save the most useful content for later reading
  • Tailor our weekly eNewsletter to your interests

Join My Out-Law

Already signed up to My Out-Law? Sign in

Expertise in Financial Services

We help clients across the financial services sector achieve their strategic and commercial goals while managing legal and regulatory risk.

More about Financial Services