Tighter regulations aim to enhance resilience and recovery strategies within the financial sector
SINGAPORE: The Monetary Authority of Singapore (MAS) has introduced stricter guidelines aimed at improving financial institutions’ (FIs) responses to service disruptions. These revised regulations require FIs to establish clear recovery times, crisis management structures, and comprehensive audits to enhance business continuity planning.
One of the key measures is the requirement for FIs to set specific recovery time targets for essential services, enabling them to prioritise resources and track recovery progress when disruptions occur. The MAS guidelines, released on Monday (Jun 6), also stress the importance of identifying critical business functions, such as cash transactions, insurance claims, payment systems, and cross-border fund transfers.
Additionally, FIs must map out all dependencies involved in delivering critical services, covering aspects like personnel, technology, and other resources. To ensure third-party service providers can meet the target recovery times, institutions are advised to establish and review service-level agreements, audit third-party performance, and conduct joint tests with vendors.
These updated guidelines come in the wake of increased digitalisation in the financial sector and lessons learned from the Covid-19 pandemic. They also follow a series of significant disruptions within Singapore’s banking industry, including a two-day outage of DBS’ digital banking services in November and a two-hour disruption in UOB’s services in July.
“Given the increasingly complex environment, these new guidelines will help financial institutions adopt a more agile and comprehensive approach to maintaining critical services amid disruptions,” said Vincent Loy, MAS’ Assistant Managing Director for Technology.
The revised guidelines, which will come into effect on Jun 6, 2023, also emphasise the need for regular audits and industry-wide exercises. The first independent audit of business continuity plans must be completed by Jun 6, 2024, and thereafter conducted every three years.
A key focus of the new regulations is addressing concentration risks, with a particular emphasis on ensuring the board and senior management are accountable for overseeing the institution’s business continuity strategies. This reinforces the importance of strong governance and leadership in managing potential disruptions.
