The chief cybersecurity officer of the Monetary Authority of Singapore (MAS), Tan Yeow Seng, has announced that the regulator plans to raise requirements on cyber resilience in the financial industry, with a public consultation on cyber hygiene to be issued soon.
“MAS will be proposing to require all financial institutions to adopt cyber hygiene practices such as strong authentication, controlled use of administrative privileges and proper patch management,” said Mr Tan. “Cyber hygiene plays a critical role in protecting financial institutions’ system, sensitive information and customer data by providing a strong foundation in security.”
Financial institutions will be required to implement fundamental controls to strengthen their resilience to cybersecurity threats. Independent reviews will be conducted to ensure that they are compliant with the upcoming rules.
Trust is not simply making financial institutions liable for every loss suffered by a reckless user. It is about being a responsible participant in the payment ecosystem and that includes consumers, financial institutions and fintech firms.
– Tan Yeow Seng, Chief Cybersecurity Officer, Monetary Authority of Singapore
Standards will also be put in place concerning the responsibilities of financial institutions and customers in terms of e-payments.
Mr Tan commented: “It is important to stress that trust is not simply making financial institutions liable for every loss suffered by a reckless user. It is about being a responsible participant in the payment ecosystem and that includes consumers, financial institutions and fintech firms.”
The MAS is working with the Association of Banks in Singapore (ABS) to develop guidelines defining technology risks faced by the financial sector. Collaboration between banks is also on the cards, with plans to have banks co-operate to share information on cyber threats.
It has also joined forces with the Financial Services Information Sharing and Analysis Centre, to set up the Asia Pacific Regional Analysis Centre. This facility will allow financial institutions to share and receive information and resources on the threat landscape, and on potential countermeasures.