MAS TRM Guidelines & Cyber-Hygiene for Singapore’s IBM i Community

The Monetary Authority of Singapore (MAS) is Singapore’s central bank and integrated financial regulator. In addition, MAS works with the financial industry to develop Singapore as a dynamic international financial centre. To ensure the integrity, security, and resilience of the country’s financial system, MAS, among its many other tasks, issues guidelines and laws concerning technology risk management that affect all financial institutions operating in Singapore.

While the IBM Power i platform is unique in its security and compliance capabilities, it does still present a challenge to organisations in the financial industry looking to comply with TRM guidelines and legal requirements. The reality is that not many companies and vendors understand how to comply with such regulations on the IBM i platform. Working together with our business partners, Joule Tech can provide the solutions that will ensure that you remain compliant with MAS’s regulations and guidelines related to technology risk management.

MAS Technology Risk Management Guidelines

The Technology Risk Management (TRM) Guidelines are a set of best practices, provided by the Monetary Authority of Singapore, designed to provide financial institutions with guidance on the oversight of technology risk management, security practices and controls to address technology risks. The MAS expects financial institutions to observe these guidelines, and compliance with them will be taken into account in MAS’ risk assessment of financial institutions.

The Technology Risk Management Guidelines set out risk management principles and best practice standards to guide financial institutions in the following:

  • Establishing a sound and robust technology risk management framework;
  • Strengthening system security, reliability, resiliency, and recoverability; and
  • Deploying strong authentication to protect customer data, transactions and systems.

The TRM Guidelines were initially issued in June 2013. However, due to the fast-moving technology and cyber threat landscape, a new set of guidelines was issued in January 2021.

You may find a copy of the MAS TRM Guidelines (2021) here.

MAS Notices on Cyberhygiene

On 6th August 2019, the Monetary Authority of Singapore (MAS) issued a set of legally binding requirements to raise the cyber security standards and strengthen the cyber resilience of the financial sector in Singapore. The Notice on Cyber Hygiene sets out the measures that financial institutions are required to take in order to mitigate the growing risk of cyber threats.

The Notice builds upon the Technology Risk Management Guidelines by making compulsory a number of key elements found there. Singapore financial institutions have until 6 August 2020 to put the measures in place – though for one of the requirements (concerning multi-factor authentication), an extension to 5 February 2021 is possible if the organisation meets a number of stipulated criteria.

The Notice on Cyber Hygiene makes it mandatory for financial institutions to comply with the following requirements:

  • Establish and implement robust security for IT systems;
  • Ensure updates are applied to address system security flaws in a timely manner;
  • Deploy security devices to restrict unauthorised network traffic;
  • Implement measures to mitigate the risk of malware infection; 
  • Secure the use of system accounts with special privileges to prevent unauthorised access; and
  • Strengthen user authentication for critical systems as well as systems used to access customer information (that is, multi-factor authentication).

For more specific information on the Notice, refer to the following:

How Can Joule Tech Help?

Due to the IBM Power i being such a unique platform, many of the technology products you might expect to help ensure TRM compliance will either not work or perform inadequately on the platform. Working with our business partner, HelpSystems, Joule Tech is able to help financial institutions in Singapore to meet the security, compliance, system management, and disaster recovery requirements defined within the MAS Technology Risk Management Guidelines and Notice on Cyber Hygiene. Please contact us for further information.

How HelpSystems Support MAS TRM Notices & Guidelines

Checklist for TRM Guidelines
