Technology as a Double-Edged Sword to Financial Institutions

In Alder, We Make Things Easier

Find out more on how our experts can help you and your business

With the broad spectrum of technological advancements over the last decade, the financial sector is currently undergoing a digital revolution. Such a development allows the Financial Institutions (FIs) to market their financial service offerings through an entire new, virtual platform and deliver a seamless customer experience. This allows them to stand out in today’s highly competitive business environment.

However, the adoption of high-tech innovations can be a double-edged sword, as it exposes the FIs to an increasing risk of cyberattacks. In early 2020, a massive hack was reported by US-based IT management software provider SolarWinds, that put thousands of their high profile clients around the world like Cisco, FireEye at risk of cyber intrusions. According to a recent news posted on The Straits Times, this cybersecurity incident has prompted the Monetary Authority of Singapore (MAS) to reassess the soundness and completeness of current risk management measures adopted by FIs. In January 2021, the MAS has issued a revised Technology Risk Management Guidelines for FIs to comply with. This helps to maintain a strong cyber resilience and safeguard the clients’ data against any breaches.

Hence, while riding the wave of digitalisation, FIs are responsible to assess their firm’s exposure to certain technology risks. They should put in place a comprehensive set of technology risk management framework that is consistent with the MAS guidelines in order to better manage the technology risks and cybersecurity threats. Due to an increasing reliance on third-party service providers to offer supports in part of the business processes, MAS requires all FIs to conduct an evaluation on the technology vendors in terms of their internal security approaches and quality assurance practices before entering into a contractual relationship.

Conclusion

In general, the regulatory obligations are equally applicable to all companies that intend to obtain any MAS licence, including a Payment Services Provider Licence or Capital Markets Services (CMS) Licence. By developing more stringent security controls and enhanced risk mitigation strategies, it will create a safe and trusted platform for customers to perform transactions and share their privacy data with the intended parties.

How we can help

Alder Corporate Services provides a complete suite of regulatory and compliance services supporting our clients’ businesses, including:

• Offer Professional Advice on the Specific Licence Requirements
• Assist with the MAS Licence Application (e.g. Payment Services Provider Licence, Capital Markets Services Licence etc)
• Review the Submission Documents
• Liaise with MAS on Licence Application-related matters
• Provide On-going Compliance Support Post-Licence Approval

Reference Materials

Jibilian, I., Canales, K. (2021). ‘The US is readying sanctions against Russia over the SolarWinds cyber attack. Here’s a simple explanation of how the massive hack happened and why it’s such a big deal’, Business Insider, 16 April. Available at: https://www.businessinsider.com/solarwinds-hack-explained-government-agencies-cyber-security-2020-12

Tham, I. (2021). ‘MAS announces new rules in Singapore after SolarWinds cyber attack exposes firms around the world’, The Straits Times, 18 January. Available at: https://www.straitstimes.com/tech/tech-news/mas-announces-new-banking-rules-for-singapore-after-solarwinds-cyber-attack-exposes