The Monetary Authority of Singapore (MAS) was founded in 1971 to oversee various monetary functions associated with financial and banking institutions. Throughout the years, its guidelines have been revised to manage emerging technologies and the evolving threat landscape. In June 2013, the MAS created a new set of guidelines for Internet Banking and Technology Risk Management (IBTRM). This addendum mandated certain requirements for Technology Risk Management (TRM) and also contained a set of guidelines (TRM Guidelines) and errata notices (TRM Notices).
The TRM Guidelines are statements of industry best practices that Financial Institutions (FIs) are expected to adhere to. This guidance is not legally binding but is used by MAS in risk assessment audits of FIs. These TRM Guidelines are outlined in 14 sections:
- Applicability of the Guidelines
- Oversight of Technology Risks
- Technology Risk Management Framework*
- Management of IT Outsourcing Risks
- Acquisition and Development of Information Systems*
- IT Service Management
- Systems Reliability, Availability & Recoverability
- Operational Infrastructure Security Management*
- Data Centres Protection & Controls
- Access Control*
- Online Financial Services
- Payment Card Security
- IT Audit
Items marked with an asterisk (*) are addressed by BeyondTrust Solutions.
This guidance promotes the adoption of sound security and operational practices for managing technology used by FIs, including:
- Asset Discovery and Risk Assessment
- Vulnerability and Configuration Scanning
- Risk Prioritization and Remediation
- Privileged Account Management
BeyondTrust supports these four practice areas. The remainder of this whitepaper discusses BeyondTrust solutions and the sections of MAS TRM Guidelines that are covered with this technology.