The Monetary Authority of Singapore (MAS) issued new Guidelines on Outsourcing Risk Management to financial institutions (FIs) following extensive industry and public consultation.
The Outsourcing Guidelines provide expanded guidance to the industry on prudent risk management practices for outsourcing, including cloud services, which have been adopted by a growing number of FIs. Key changes to the Guidelines include:
a) introduction of a new section on cloud computing that sets out MAS’ stance on cloud computing;
b) removal of expectation for FIs to pre-notify MAS of material outsourcing arrangements; and
c) revision to the definition of “material outsourcing arrangement” to include, under certain circumstances, an arrangement that involves customer information.
Mr Ong Chong Tee, Deputy Managing Director, MAS, said, “The new outsourcing guidelines reflect MAS’ continuing efforts to strengthen our guidance to financial institutions in this area. The revised guidelines build on the existing ones to better capture evolving threats such as offshoring business models and heightened cyber risks.”
The revised MAS Outsourcing Guidelines can be found at www.mas.gov.sg/Regulations-and-Financial-Stability/Regulatory-and-Supervisory-Framework/Risk-Management/Operational-Risk.aspx.
This set of Guidelines replaces the existing MAS Outsourcing Guidelines as well as circular on Information Technology Outsourcing.