The Monetary Authority of Singapore (MAS) has formally established new legislation aimed at improving the security posture of financial institutions in Singapore. The legislation stipulates that financial institutions must comply with six major requirements, such as focusing on ensuring the security of IT systems, timely security updates, and deploying security devices to limit unauthorized network traffic. These companies must also implement measures to reduce the risk of malware infection, ensure the security of privileged system accounts, and enhance user authentication for critical systems.
In addition, the legislation basically determines that the company will be required to enforce the key provisions of the existing MAS Technology Risk Management Guidelines. Theses guide was launched in 2013 and provide risk management advice, safety practical advice, and control recommendations to reduce the technical risks of the company.
MAS also issued a special reminder to financial entities that outsourced the system to third parties for management, requiring these financial entities to join the contract with their contractors to include the relevant terms and conditions referred to in the Act to ensure that systems managed by third parties are Requirements listed in the notice.
These measures will take effect on August 6 next year, and financial institutions need to be prepared within one year to ensure that these measures are followed.