MAS Consults on Proposed Technology Risk Management Amendments to Strengthen Financial Sector Resilience

      The Monetary Authority of Singapore (MAS) has issued a consultation paper proposing amendments to its Notices on Technology Risk Management (TRM).

      Aimed at strengthening Singapore’s financial sector resilience against emerging technology, cyber and AI-driven risks, the proposed amendments introduce enhanced compliance expectations for Financial Institutions (FIs).

      FIs across banking, insurance, payments and capital markets have until 31 July 2026 to submit feedback on the proposed changes. Once finalised, FIs are expected to have a 12-month transition period to implement the requirements.

      Affected Financial Institutions

      The proposed updates are intended to standardise technology risk management expectations across several key sectors and would impact multiple MAS regulatory notices:

      Banks and finance companies: Licensed banks (FSM-N05), merchant banks (FSM-N11) and finance companies (FSM-N09).

      Insurers and brokers: Licensed insurers, except captive insurers, marine mutual insurers and SPRVs (FSM-N03), and registered insurance brokers (FSM-N19).

      Payment Services: Designated payment system operators/settlement institutions and digital payment token (DPT) service providers (FSM-N13).

      Capital markets: Approved exchanges, clearing houses, trade repositories, benchmark administrators, capital markets services licensees and approved CIS trustees (FSM-N21).

      Credit Bureaus: Licensed credit bureaus (FSM-N17).

      Key Proposed Technology Risk Management Changes

      The proposed MAS TRM amendments cover the following technology resilience, cyber risk and operational resilience domains:

      • IT asset management – Maintain an accurate and up-to-date inventory of all IT assets.
      • IT risk assessment and monitoring – Establish and maintain an IT risk management framework that includes risk assessments, a risk register and key risk indicators.
      • Capacity planning and management – Implement a framework and process for capacity planning to manage critical systems.
      • Change management – Ensure changes to systems are properly authorised, tested, managed and implemented.
      • Continuous system and security monitoring – Continuously monitor system performance and security indicators for critical systems, with processes to respond to and remediate identified issues.
      • Immutable or offline data backup – Maintain immutable and/or offline backups to enable timely restoration of services.
      • Incident management – Implement an incident management framework and process to manage IT incidents effectively.
      • Monitoring of unscheduled downtime – Include partial or intermittent disruptions when calculating unscheduled downtime for critical systems.

      Together, these proposed changes signal MAS’ continued focus on strengthening technology governance, operational resilience and cyber preparedness across the financial sector. For FIs, the consultation presents an opportunity to assess whether existing frameworks are sufficiently robust, documented and scalable ahead of implementation.

      Immediate Action Items and Forward-Looking Considerations

      While the proposed changes remain under consultation, MAS is expected to retain many of the core requirements in the finalised Notices. FIs should use the consultation period and anticipated transition window to assess their current technology risk management framework, identify gaps across critical systems, strengthen governance over cyber and operational resilience, and plan remediation activity before the requirements take effect.

      Taking a forward-looking approach now can also help firms move beyond minimum compliance and build a more resilient operating model. By aligning technology inventories, risk assessments, monitoring, incident response and data backup capabilities with the proposed MAS expectations, FIs can better demonstrate regulatory readiness while reducing operational disruption and strengthening stakeholder confidence.

      How Waystone Can Help

      Waystone’s Compliance Solutions team supports financial institutions in navigating evolving regulatory expectations, including technology risk management, cyber resilience, operational resilience and compliance programme enhancement.

      If you would like to discuss how the proposed MAS TRM amendments may affect your organisation, or how Waystone can assist with readiness planning and implementation support, please contact your usual Waystone representative or get in touch with our APAC Compliance Solutions team below.

      Contact us

       Next post
      Share

      More like this

      Implications from Recent SFC Enforcement: Key Lessons for FRR and CMR Compliance

      On 1 June 2026, the Securities and Futures Commission (“SFC”) published a news release titled, “SFC reprimands and fines XHK…
      Read more

      Regulatory Updates May 2026 – APAC Region

      Stay informed with our Regulatory Update Navigate the ever-evolving regulatory landscape with our Regulatory Update. Our team of compliance experts…
      Read more

      Hong Kong SFC Circular on Account Opening Controls: Key Compliance Measures for Chinese Mainland Investor Accounts

      On 22 May 2026, the Hong Kong Securities and Futures Commission (SFC) issued an important circular titled “Expected controls for…
      Read more

      MAS Advisory on AI-Driven Threats: Implications for Financial Institutions

      As advanced AI systems gain the ability to autonomously discover and exploit vulnerabilities, MAS is urging financial institutions to strengthen…
      Read more

      MAS Circular: Supervisory Priorities for Capital Markets Entities in 2026/27

      A comprehensive overview of MAS’s supervisory priorities for 2026/27 and what firms should prepare for in the year ahead.
      Read more

      Regulatory Updates April 2026 – APAC Region

      Stay informed with our Regulatory Update Navigate the ever-evolving regulatory landscape with our Regulatory Update. Our team of compliance experts…
      Read more
      Contact us