Singapore regulator to form cloud computing guidelines

The Monetary Authority of Singapore is revising its 2004 outsourcing advice, increasing protection for sensitive customer data and scraping case by case screening of outsourcing agreements.

The MAS will provide guidance for cloud services

Monetary Authority of Singapore office. Credit: Terence Ong.

Lim Hng Kiang, deputy chairman of the Monetary Authority of Singapore (MAS), has said the regulator will revise its 2004 outsourcing guidelines to recognise the arrival since then of cloud services for financial firms.

Speaking on June 28th at a dinner hosted by the Association of Banks in Singapore, Kiang also said that the new guidelines will include provisions to safeguard customer information, as well as removing the obligation to notify the regulator whenever outsourcing arrangements are undertaken. The revised guidelines follow a consultation paper published in 2014. 

The 2004 guidelines were issued by the MAS to encourage proper risk management of outsourced IT services, and their guiding principle, said Kiang was that the: “MAS expects banks to manage outsourcing arrangements as if the services were conducted in-house.” 

Kiang cautiously welcomed financial firms move towards cloud-based outsourced services, saying that the MAS “recognises cloud services can offer various benefits such as scalability and advanced functionalities, and is amenable to banks leveraging on cloud services to fulfil their business and operational needs.” 

However, he qualified this with the proviso that financial firms must have risk management measures that were in line with the inherent scale and complexity of cloud-based outsourced services.

Kiang added that the regulator would be making the guidelines stricter in cases where sensitive data was shared with third parties providing outsourced services.

One area where the MAS has loosened its regulatory oversight is in the approval process of outsourced services. Recognising that the regulator simply cannot keep up with the growth of outsourced services, the MAS will scrap its requirement to screen agreements on a case to case basis. Instead, Kiang said, the MAS “Will continue to assess and monitor the robustness of FIs’ outsourcing risk management frameworks while financial firms will continue to be responsible for ensuring the safety of all of their outsourcing arrangements.”

The MAS has not specified when the new guidelines will be released.

Tweet about this on TwitterEmail this to someoneShare on LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

*