5 July, 2012


Legal News & Analysis – Asia Pacific – Singapore – Regulatory & Compliance


The Singapore financial services regulator has published the IT security standards that financial services companies operating there must adhere to.


The Monetary Authority of Singapore (MAS) will consult on those standards and on proposed Technology Risk Management Guidelines before implementation of both proposals.

The Notice on Technology Risk Management defines and enforces a set of mandatory IT requirements for the financial industry.  The Notice stipulates requirements for a high level of robustness and integrity of critical IT infrastructure and systems. It also specifies the requirement for financial institutions to implement IT controls to protect customer information from unauthorised access or disclosure. 
Notices impose "legally binding requirements on a specified class of financial institutions or persons", MAS said. Guidelines, such as the more general one published on technology risk management, are not binding but "specified institutions or persons are encouraged to observe the spirit of these guidelines", it said. 
MAS said in the consultation paper that it particularly invited comment from industry in relation to new proposals on data centre protection and controls; mobile banking and payment security; payment card system and ATM security, and combating cyber threats.
"With the advent of mobile banking and payment services using smartphones and mobile devices in Singapore, MAS has rightly anticipated and assessed the risks associated with this new online platform by seeking to provide updated guidance to financial institutions," said Rosemary Lee, counsel at Pinsent Masons MPillay, the Singapore joint law venture partner of Pinsent Masons. 
"This is particularly relevant in this day and age of increasing data breaches and cyber attacks," said Lee. "It is important to ensure that financial institutions can conduct mobile banking and payments offerings in the mobile channel in a technologically sound manner, say by way of appropriate authentication and authorisation controls, in order to build consumer confidence."
For further information, please contact:
John Salmon, Partner, Pinsent Masons


Leave a Reply

You must be logged in to post a comment.