MAS urges financial firms to adopt independent audit programmes

It aims to raise the standards for financial institutions in developing effective business continuity plans.

The Monetary Authority of Singapore (MAS) is proposing to updating the Business Continuity Management (BCM) guidelines to raise standards for financial institutions (FIs) in the development of business continuity plans that will better account for interdependencies across FIs’ operational units and linkages with external service providers.

As a result, FIs are encouraged to put in place an independent audit programme to regularly review the effectiveness of their BCM efforts.

The proposal is only one of many that the agency provided in two consultation papers concerning the Technology Risk Management (TRM) guidelines and the BCM guidelines. The proposed changes, which takes into account the rapidly changing physical and cyber threat landscape, will require FIs to put in place enhanced measures to strengthen operational resilience.

Also read: MAS sets guidelines for responsible AI and data analytics use

Meanwhile, MAS also suggested expanding the TRM guidelines to include guidance on effective cyber surveillance, secure software development and management of cyber risks posed by the Internet of Things (IoT).

“The two guidelines continue to emphasise the importance of risk culture, and the roles of Board of Directors and senior management in technology risk and business continuity management,” MAS highlighted in a statement.

The public consultation will run from 7 March to 8 April 2019. Copies of the public consultation papers are available on the MAS website.

The TRM guidelines were issued in 2013 to provide financial institutions with guidance on the oversight of technology risk management, security practices and controls to address technology risks. The BCM guidelines were first issued to the financial industry in June 2003, with a focus on the organisational response and recovery process to minimise the impact of business disruptions.