Financial institutions regulated by MAS, how to comply with TRMG?

by | May 17, 2016 | Blog, Business Continuity, IT consultancy | 0 comments

MAS, TRMG, FIs, DR, BC* are common acronyms when it comes to complying with Singapore guidelines. In most cases, board members, CEO, COO, CFO, CIO are aware that have to comply but the most difficult part for non-specialist is to understand what are the real challenges in terms of management, investment, policies, and risks.

*
#MAS : Monetary Authority of Singapore
#TRMG : Technology Risk Management Guidelines
#FI : Financial Institutions
#DR : Disaster Recovery
#BC : Business Continuity

Financial and insurance sector in 2015

In Singapore, the financial sector contribution in the gross domestic product was $47.77 billion (+7% year on year) with a growth of 5.3% in 2015. This represents 201,400 jobs, up by 4,500 from 2014 – source Strait Times and MOM.

The key players in this market are DBS, OCBC, UOB, Citi, Standard Chartered, but 1200 other financial institutions (FIs) are currently regulated by MAS (Monetary Authority of Singapore). These FIs can be commercial banks, merchant banks, insurance companies, Financial advisors, Trust companies…

Download our guide with the full list of regulated type of institution
>> download

The role of MAS and TRMG

“In recent years, various technology innovations in areas such as card payment, mobile technology, and system virtualization have helped to expand financial institutions’ (FIs) business offerings and customer reach. Information technology (IT) outsourcing has also become more attractive to FIs due to the abundance of outsourcing services. Against the backdrop of an increased reliance on complex IT systems and operations in the financial sector is the heightened risk of cyber-attacks and system disruptions. In this regard, FIs are expected to continue to deepen their technology risk management capabilities and be ready to handle IT security incidents and system failures”
“MAS stands for Monetary Authority of Singapore. Its mission is to promote sustained non-inflationary economic growth, and a sound and progressive financial centre.The Monetary Authority of Singapore (MAS) is governed by the MAS Act, which confers MAS powers to issue legal instruments for the regulation and supervision of financial institutions.

The Monetary Authority of Singapore (MAS) is governed by the MAS Act, which confers MAS powers to issue legal instruments for the regulation and supervision of financial institutions.

The guidelines on risk management aim to provide financial institutions supervised by MAS with guidance on sound risk management practices.” (source http://www.mas.gov.sg/)

The risks of non-compliance

The non-compliance to the Notice can result in:

  • Financial penalties
  • Reputational damage
  • Revocation of licence to operate in Singapore

How to comply with the TRMG?

There are some key requirements to comply with TRMG. Below we explain briefly the main actions to take.

First, you need to assess your Information System (IS) and find if you have a critical system. Then depending on your situation, you will have to set up a plan for business continuity for high availability and resiliency of your IS.

Also, you will have to work on your Disaster Recovery plan and set up processes to notify MAS.
Finally, you will also have to protect your customer’s data from any unauthorised access or disclosure.

Download our guide “MAS Technology Risk Management Guidelines: How to comply?”
>> Download

How Acuutech can help?

Acuutech is a global technology company with offices in London, Houston, and Singapore with the vision to be the global leader in technology Design, Delivery, and Support.

Acuutech has 20 years of experience providing servicing ranging from consulting to IT outsourcing, to commissioning and maintaining complex, multi-site IT-based operations globally for large to medium companies with industry experience in Marine, Finance, Legal, Transport, and Warehousing.

We can help you to assess your information system and assist you in filling the questionnaires to evaluate if you have critical systems. We will set up your disaster recovery plan, and advise you in terms of business continuity solutions. We will also assist you in your security strategy and customer’s data protection plan.