The Monetary Authority of Singapore (MAS) issued new legislation, the Technology Risk Management (TRM) guidelines, which go into effect July 2014. The guidelines are poised to completely change security regulations and compliance for the financial services industry.
Financial institutions will need to combine several solutions to address the full range of requirements outlined in the sections and subsections of the guidelines.
Previous MAS guidelines have used a traditional compliance and threat hygiene framework, with the primary focus on security controls and best practices.
The new guidelines are fundamentally different, going beyond compliance and threat frameworks.
They instead provide comprehensive coverage of credit, market, operational and technology risks, internal controls and risks related to insurance businesses. They also define the roles and responsibility of an institution’s Board of Directors (Board) and senior management in risk management and mitigation.
The new guidelines go into effect in July 2014, with annual audits starting in 2015. The general consensus is that these guidelines will be adopted far more broadly than the current guidelines and they they have the potential to change the very fabric of the financial services industry.
In large part, this belief is based on a much more holistic approach to risk as well as a dramatic increase in impact and scope of the guidelines. Previous regulation only applied to banks and Internet banking; the new TRM guidelines apply to all financial institutions that the MAS licenses, approves or regulates.
The impact of non-compliance could include loss of license to operate in Singapore and the potential loss of business in other key financial markets. In short, a lack of compliance has the potential to directly impact a financial institution’s bottom line.
Download the MAS TRM Guidelines here.
Check out Tripwire SecureScan™, a free, cloud-based vulnerability management service for up to 100 Internet Protocol (IP) addresses on internal networks. This new tool makes vulnerability management easily accessible to small and medium-sized businesses that may not have the resources for enterprise-grade security technology – and it detects the Heartbleed vulnerability.
The Executive’s Guide to the Top 20 Critical Security Controls
Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].
Title image courtesy of ShutterStock