The Impact of the MAS Technology Risk Management Guidelines
The Monetary Authority of Singapore (MAS) recently issued a reminder that Financial Institutions (FIs) are responsible for conducting comprehensive due diligence and staff training as part of effective Technology Risk Management.
Updates from MAS
In June 2013, MAS released a Technology Risk Management Guideline to set out risk management principles and best practice standards for FIs. Some of the key expectations the guideline sets are:
a. Establishing a sound and robust technology risk management framework
b. Instilling effective due diligence processes in people selection and IT outsourcing procedures
c. Ensuring IT security awareness throughout the organisation with comprehensive staff training
Although the guideline is not legally binding, failing to follow the practices it sets out carries real risk. The impact on customers is immediate, and reputational damage, regulatory breaches, and loss of revenue and business follow from it.
Have you conducted your due diligence?
Because people play a central role in managing the systems and processes of an IT environment, FIs are encouraged to implement a comprehensive and effective screening process. This involves due diligence on staff, vendors and contractors, including outsourced service providers, and it must ensure that any review or assessment for regulatory, audit or compliance purposes can be carried out. Regulators are authorised to inspect, supervise or examine the service provider's role, responsibilities, obligations, functions, systems and facilities where required.
Thomson Reuters World-Check Risk Intelligence covers both sanctions-related and other risk in a timely manner, keeping you one step ahead of risk that could surface in your business and human networks. In addition, Thomson Reuters IntegraScreen™ conducts background checks on outsourced service providers to obtain intelligence on their financial status, industry reputation and reliability, and to identify any issues concerning technology breaches.
Have you trained your internal staff and service providers?
A prerequisite of any effective compliance programme is communicating internal policies and procedures to employees and training them on those policies consistently. Given the guideline's requirements, an increasingly mobile workforce and shrinking development budgets, compliance officers need to deliver accurate, engaging and cost-effective training while evidencing both completion of the training and comprehension of its content. The training programme also needs to be updated annually so that the workforce stays current with industry best practice.
Thomson Reuters eLearning offers comprehensive and cost-effective training solutions on IT Security Awareness that are already in use at some of the large local banks. Our training solutions are quick to implement within your organisation and will help you meet the training standard MAS sets out in this guideline.