Singapore Internet Banking and Technology Risk Management Guidelines – Risk Management Framework – Summary of Requirements
- By: Staff Editor
- Date: April 11, 2013
The Monetary Authority of Singapore published its Internet Banking and Technology Risk Management guidelines in June 2008. This article provides an overview of the risk management framework that the guidelines require financial institutions to follow.
1. Aim of the Guidelines
By issuing these guidelines and expecting financial institutions to comply with them, the MAS aims to achieve the following:
- Establishment of Technology-Risk Management Frameworks
- Strong Systems Security - make the technology infrastructure more reliable, available and recoverable
- Deployment of strong authentication mechanisms to secure customer data and protect transactions
2. Risk Management Framework
a. Action Principles
- Conduct proper risk analysis - Identify, categorize and assess relevant risks
- Develop and document a risk management plan consisting of policies and processes to help control these risks
- Continuously monitor these risks and the effectiveness of the plan
- Update the plan regularly; account for changes in:
  - Technology
  - Legal requirements
  - Business Environment (including internal and external threats)
  - Security Vulnerabilities
b. Primary Requirements
- The board and the management must take responsibility for managing technology risks. The senior management must directly oversee risk management functions.
- There must be a clear understanding of the interaction between internet applications and back-end support
- Technology risks must form a part of the conceptualization stage of new internet based products or services
- Management should conduct periodic security risk assessment to identify internal and external threats that may undermine system integrity, interfere with service or result in the disruption of operations
- Security awareness, training and education programs should be conducted regularly
- Disaster recovery and business continuity plans must be developed and implemented and their effectiveness monitored
3. Risk Management Process
- Assess the value of the information system assets to be protected
- Categorize, rank and prioritize the assets
- Take business decisions on the control measures to be implemented in order to protect assets
- Implement and institutionalize asset protection policy and ensure top management commitment to it
- Integrate IT security strategy with top management deliverables
4. Risk Identification
- List the threats present in the Internet System Configuration
  - This includes hardware and software, internal and external networks, applications, operations and human factors
- Consider both internet applications and the back-end implications
  - Look at the interaction between the applications and the back-end support, as this is a key link
- Actively monitor risks that arise from denial-of-service attacks, internal sabotage and malware infestations
5. Risk Assessment
- Quantify Risks. Define and rate non-quantifiable risks using a parallel scaling method
- Develop a threat and vulnerability matrix
- Perform a cost-benefit analysis of risk management and risk control techniques
- Develop a list of human factors, such as the motivations, resources and competencies required to carry out attacks, to identify possible sources
6. Risk Control
- Entails the disaster recovery and business continuity parameters
- Must be instilled before implementation of framework
- Procedures must be developed in the context of cost effectiveness
- Must be a combination of technical, procedural and functional controls
- Needs to be constantly reassessed
- Risk control needs to be implemented as a regime or institutionalized as a part of the organization’s culture
7. Risk Treatment
- Risk treatment must adhere to all the listed treatment procedures
- Alternate treatments must be developed with cost impact in mind
- Risk treatment must be documented each time and the feedback must be included in the reassessment of risk control policies
Read the Singapore Internet Banking and Technology Risk Management Guidelines in full.