New MAS Ruling to Strengthen Cyber Resilience of the Financial Industry

Jan 7 2020
Stone Forest IT

From 6 August 2020, Financial Institutions (FIs) must comply with a new set of requirements to raise the cyber security standards and strengthen cyber resilience of the financial sector.

These mandatory elements in the existing MAS Technology Risk Management (TRM) Guidelines include: 
  • Establishing and implementing robust security for IT systems

  • Ensuring updates are applied to address system security flaws in a timely manner

  • Deploying security devices to restrict unauthorized network traffic

  • Implementing measures to mitigate the risk of malware infection

  • Securing the use of system accounts with special privileges to prevent unauthorized access

  • Strengthening user authentication for critical systems as well as systems used to access customer information


A concession is made for a period of 6 months from 6 August 2020 to 5 February 2021 (both dates inclusive) on implementation of multi-factor authentication if FIs meet all the following:

  • Risk assessment - Identify all risks or potential risks posed by FIs’ non-compliance to implement multi-factor authentication
  • Controls - Implement controls to reduce risks identified above
  • Appoint a committee or member of the senior management – They must agree with the risk assessment and find the implemented controls being adequate to reduce the risks

The TRM guidelines are a set of best practices that provide financial institutions with guidance on the oversight of technology risk management, security practices and controls to address technology risks. MAS expects FIs to observe the guidelines as this is taken into account in MAS’ risk assessment of the FIs.


Penalties and repercussions of non-compliance

In case of non-compliance with the MAS TRM guidelines, the FI can have penalties and repercussions in various forms which will include:

  • Reputational damage by being blacklisted or highlighted as an institution that does not comply with cyber security policies
  • Penalties in the form of fines of varying degree for not meeting the various requirements provided by the guidelines
  • Cancellation of license to conduct businesses activities and/or operate in Singapore



How can FIs prepare?

For a start, all FIs irrespective of system complexity should conduct a CYBER SECURITY RISK HEALTH CHECK.

SFIT_Cyber security risk health check


Review your IT security practices and response capabilities to deal with unexpected cyber threats or events now! 


Sign up for your
Complimentary Cyber Security Risk Health Check

Contact us to find out more

T&Cs apply.


About Stone Forest IT

Stone Forest IT has over 30 years of experience supporting mid-tier FIs. Our domain experts help FIs achieve a secure and vigilant organisation through practical solutions that integrate people, data, processes and technology within the cyber defence framework that builds cyber resilience and regulatory compliance. 



The Stone Forest group of companies provides a comprehensive suite of business solutions to support your business growth in Singapore and globally.

Subscribe to Newsletter

Get In Touch

8 Wilkie Road, #03-08
Wilkie Edge, Singapore 228095
+65 6533 7600