The growing threat of cyber attacks has become a worrying sign not just for businesses but for governments and regulatory bodies as well, particularly those operating in the financial industry.
On 6th August 2019, the MAS (Monetary Authority of Singapore) released a set of legal requirements to raise the standards of cyber security and support cyber resilience in the financial sector.
Measures were set out by the MAS Technology Risk Management Guidelines (TRMG) for financial institutions like finance companies and insurance brokers to follow so they can fight the increasing risk of cyberthreats. In September 2018, MAS had sought feedback from the public on the idea of forming this set of cyber security measures into legal requirements. Most financial institutions welcomed these measures and made suggestions related to implementation of the requirements.
Tan Yeow Seng, the chief security officer of MAS, has stated that the increase in digital footprint and extended use of the internet are primary causes of the increasing cyberthreats in the financial sector. Consequently, it has now become essential for businesses in the financial sector to stay vigilant and make sure that their defenses are capable of countering evolving and diversified threats. This will help them avoid breaches and become compliant with the MAS TRMG as well. Good cyber hygiene can greatly protect financial institutions from common types of cyber attacks.
Requirements of the MAS TRMG:
The six fundamental requirements of the MAS TRMG guidelines are:
- To make use of security devices to restrict unwanted traffic on the network.
- To create and implement strong security for systems.
- To prevent unauthorized access by securing the use of system accounts with role-based accounts.
- To ensure applications and systems are updated regularly so that security flaws are addressed in a timely and secure manner.
- To take measures to reduce risk of malware and viruses.
- To use strong authentication policies for systems that are critical or are used for accessing information.
Penalties and repercussions of non-compliance:
In case of non-compliance with the MAS TRMG, a financial institution can face penalties and repercussions in various forms, including:
- Cancellation of license to conduct business activities and/or operate in Singapore.
- Reputational damage by being blacklisted or highlighted as an institution that does not comply with cyber security policies.
- Penalties in the form of fines of varying degree for not meeting the various requirements provided by the guidelines.
When will the requirements come into effect?
The requirements will be effective from 6th August 2020, with all financial institutions with a license being subject to the MAS TRMG. The measures will also be mandatory for payment service providers like cryptocurrency firms and e-wallet providers. This means that all businesses have just about a year to make preparations for and become compliant with the MAS TRMG.
How can businesses prepare?
The following essential measures can be taken to improve cyber security of all financial institutions irrespective of their system complexity or size.
- Perform proactive risk assessment to identify loopholes and flaws in your systems early and address them to avoid being breached.
- Make use of network segmentation to divide and isolate different parts of your network so that breaches can be easily identified and contained.
- Optimize your security policy to ensure that your institution follows the best security policies, provides access only to those who are authorized, and defines protocols to follow in case of a breach.
- Ensure regular updates of all your applications and systems, particularly malware protection systems, so that they can tackle advanced and modern cyberthreats.
These are just some of the basic measures that you can take to protect yourself against cyber attacks and become compliant with MAS TRMG. If you would like to learn more about MAS TRMG or how to comply with the guidelines, please get in touch with our team.
Apvera is a cyber risk and compliance management company specializing in helping organizations achieve cyber resilience and regulatory compliance and address important MAS TRMG requirements. We are here to help you understand the requirements, comply with them and avoid reputational and financial losses because of non-compliance.