MAS announces new rules in Singapore after SolarWinds cyber attack exposes firms around the world
Posted January 18, 2021
- All financial services and e-payment firms in Singapore must, from Monday (Jan 18), follow a new set of central banking rules to better mitigate technology risks in the wake of a recent cyber attack which impacted organisations around the world.
- The Monetary Authority of Singapore (MAS) now requires all financial institutions to assess the suppliers of their technology vendors.
- In a typical assessment, suppliers may be asked to prove that their software source code is rigorously tested and that they do not use unsafe programming practices. Suppliers may also be asked to reveal their security measures and how often they monitor cyber risks.
- Risks arising from the use of open application programming interfaces (APIs), code that lets different applications talk to one another, are also addressed in the newly updated TRM rules.
- Banks have used APIs to automatically share foreign exchange rates, for example. This has allowed many external developers to build currency conversion apps using the data.
- Under the revised TRM rules, financial services firms must vet entities that access their APIs by looking at the nature of their business, cyber security posture, industry reputation and track record.
- They must also secure the development of the APIs and encrypt sensitive data that is transmitted, to prevent leaks and to stop hackers from injecting malicious code into the APIs.
– Irene Tham | January 18, 2021