2 The first paper is a set of enhanced guidelines on technology risk management and the adoption of sound security practices. The second paper is a Notice on Technology Risk Management which sets out the legal requirements for financial institutions.
3 The TRM Guidelines have been enhanced from the existing Internet Banking and Technology Risk Management Guidelines (IBTRM). A workgroup of IT security specialists from the major banks and technology experts provided input to MAS in the drafting stage. The enhanced guidelines provide guidance on the oversight of technology risk management and security practices of financial institutions to address technology risks to the financial industry. The guidelines will apply to all financial institutions, compared to IBTRM which focused primarily on the banking sector.
4 In addition, MAS is proposing to issue a Notice on Technology Risk Management to define and enforce a set of mandatory IT requirements for the financial industry. The Notice stipulates requirements for a high level of robustness and integrity of critical IT infrastructure and systems. It also specifies the requirement for financial institutions to implement IT controls to protect customer information from unauthorised access or disclosure.
5 MAS invites interested parties to give their views and comments on the two consultation papers which are available on the MAS website, by 16 July 2012. [Click here to view the consultation papers].
***
Background
The first guidelines IBTRM were issued to the banking industry in March 2001, with subsequent updates in 2003 and 2008 to incorporate additional guidance for technology risks.