MAS proposes new requirements for financial institutions to better guard against cyberattacks

MAS proposes new requirements for financial institutions to better guard against cyberattacks

Singapore skyline, CBD
Singapore's skyline. (File photo: AFP/Roslan Rahman)

SINGAPORE: Financial institutions in Singapore could have to implement six security measures as part of new proposed requirements by the Monetary Authority of Singapore (MAS) to strengthen their cyber resilience and better guard against cyberattacks.

In a press release on Thursday (Sep 6), the central bank said breaches are often the result of insecure system configurations or compromised system accounts.

To counter this risk, it is proposing for financial institutions to implement these six measures:

  • Address system security flaws in a timely manner
  • Establish and implement robust security for systems
  • Deploy security devices to secure system connections
  • Install antivirus software to mitigate the risk of malware infection
  • Restrict the use of system administrator accounts that can modify system configurations
  • Strengthen user authentication for system administrator accounts on critical systems

These measures are already part of the existing MAS Technology Risk Management Guidelines, but the regulator is proposing to stipulate them as a baseline hygiene standard for cybersecurity by elevating them into legally binding requirements, the press release said.

This is a further move by MAS to safeguard the industry from online attacks in the wake of the SingHealth attack that resulted in 1.5 million patient records being stolen

MAS in July had instructed all financial institutions to tighten their customer verification process, and that they should not rely solely on the types of information stolen such as name, NRIC number and address.

The new proposed measures by MAS were welcomed by Singapore banks.

United Overseas Bank (UOB) said the measures will strengthen the security standards in the financial industry. 

"To safeguard our systems against cybersecurity threats, we have in place robust policies, processes and practices which incorporate the comprehensive control requirements set out by the MAS in its technology risk management guideline," said UOB head of group technology and operations Susan Hwee.

A spokesperson from DBS Bank added: "We expect to continue to increase our capabilities over the next few years, including deepening partnerships with cybersecurity authorities and regulators.

"Going forward we also expect cybersecurity thinking to converge with risk management in other areas such as use of data and risk of insider misuse of computer assets. Being able to manage risks in this converged way will be useful." 

The public consultation will run from Sep 6 to Oct 5 this year, and the consultation paper is available on MAS' website, it added.

Source: CNA/kk