MAS revises Technology Risk Management Guidelines for Financial Institutions

Legal Update:


Introduction


On 18 January 2021, the Monetary Authority of Singapore (“MAS”) issued the revised Technology Risk Management Guidelines (the “Guidelines”), which focus on addressing technology and cyber risks in view of the growing use of cloud technology, application programming interfaces (“API”) and software development by financial institutions (each an “FI” and collectively, “FIs”).


The Guidelines focused on the following categories:-


guidance on the roles and responsibilities of the board of directors and senior management of FIs;
oversight and assessment of third-party vendors and entities that access the IT systems of FIs; and
introduction of monitoring, testing, reporting and sharing of cyber threats within the financial ecosystem.

We summarise the key amendments under each category below:-


(A) Roles and responsibilities of the Board of Directors and Senior Management


The Guidelines provide that the board of directors (the “Board”) and senior management of an FI (“Senior Management”) should ensure the appointment of a Chief Information Officer (“CIO”) (or its equivalent) and a Chief Information Security Officer (“CISO”) (or its equivalent).


The CIO and CISO will need to possess the requisite experience and expertise and should be accountable for managing the FI’s technology and cyber risks. Notwithstanding the aforesaid, the Board and Senior Management should also comprise members who possess knowledge of technology and cyber risks.


Further to the above, the Guidelines expanded the responsibilities of the Board and Senior Management, providing an extensive list of responsibilities under sections 3.1.7 and 3.1.8.


MAS has clarified that the intent of the Guidelines is to ensure that the Board and Senior Management of the FI are able to exercise their oversigh ..
