MAS calls for stronger oversight of third-party and open-source software

Singapore’s financial services watchdog, the Monetary Authority of Singapore (MAS), is ramping up efforts to tackle cybersecurity vulnerabilities in the financial sector, with a strong emphasis on mitigating risks stemming from third-party providers and open-source software used in IT supply chains.

At a recent inaugural meeting of its Cyber and Technology Resilience Experts (CTREX) Panel, MAS brought together leading experts to assess emerging cyber threats and reinforce the resilience of Singapore’s financial system.

Among the panel’s key recommendations was a call for financial institutions (FIs) to take more proactive steps in managing risks linked to external software components and vendors.

The Cyber and Technology Resilience Experts (CTREX) Panel replaced MAS’ existing Cyber Security Advisory Panel, with an expanded mandate to cover technology and software resilience which, together with cybersecurity.

The panel stressed that financial institutions must maintain a detailed and dynamic inventory of all IT components they rely on, particularly third-party and open-source software. This mapping is crucial to uncover potential vulnerabilities in the digital supply chain, which are often overlooked but increasingly targeted by cyber attackers.

“Financial institutions can no longer treat third-party risks as peripheral,” said a CTREX spokesperson. “They need to fully understand where dependencies lie in their IT architecture and take deliberate steps to mitigate risks, especially from open-source software which may not always have the same level of scrutiny or maintenance as commercial products.”



This focus comes as global regulators heighten scrutiny over software supply chains following a spate of high-profile breaches exploiting vulnerabilities in open-source tools and third-party platforms.

The CTREX panel also recommended that institutions move beyond traditional, pre-scripted IT disaster recovery drills and incorporate unscripted scenarios to better prepare for real-world cyber incidents.

Additionally, they advised early preparation for post-quantum cybersecurity threats and stronger defenses against digital scams.

The two-day event also included a seminar co-hosted by MAS and the Association of Banks in Singapore, where CTREX members engaged with senior technology leaders from the financial sector.

The formation of the CTREX Panel in August 2024 underscores MAS’s commitment to staying ahead of evolving cyber risks and strengthening the overall resilience of Singapore’s financial sector amid an increasingly complex threat landscape.

GFTN network

The recent meeting came as MAS set up, at the end of last year, a Global Finance & Technology Network (GFTN) in a push “to further strengthen Singapore as a global FinTech hub and enhance global connectivity for impactful innovation in financial services.”

The establishment of the GFTN came amid a range of efforts in 2024 to improve digital resilience and testing capabilities in Singapore’s finance space.

“To further build on industry collaboration and enhance connectivity for impactful innovation in financial services, GFTN will be established to catalyse the growth of the Singapore FinTech ecosystem and drive greater synergies and networks with the global FinTech community,” MAS wrote.

The GFTN will work with MAS to advance industry and policy dialogues in payments, asset tokenisation, and AI/quantum.

Software testing, monitoring and the introduction of new digital infrastructure will be a vital part of this mandate, as well as the development, implementation and rollout of common QA standards.


Ravi Menon, Singapore’s Ambassador for Climate Action and a senior advisor at the country’s National Climate Change Secretariat, and Managing Director of MAS between 2011 and 2013, was appointed as Chairman of the GFTN Board of Directors.

In addition, Sopnendu Mohanty has been made Group Chief Executive Officer of GFTN from 1 February 2025 and relinquished his role as MAS’ Chief FinTech Officer on the same day, a role which was filled by Kenneth Gay.

Gay has been with MAS for over 20 years serving in regulatory and technology roles, and was previously Executive Director heading the Enterprise Knowledge Department, driving data and knowledge management as well as AI capability development, a role which he held until 31 January 2025.

Banking coalition

The latest announcements came amid a range of measures by MAS to increase software resilience and testing efforts in the country’s dominant financial services space.

Last year, MAS teamed up with banking giants DBS, HSBC, OCBC and UOB to develop and roll out quantum security capabilities in Singapore.

The regulator said a memorandum of understanding, which the different entities have signed, includes plans to study and test the application of quantum key distribution in the micro-state’s financial services sector via a range of sandbox projects.

Network provider SPTel and SpeQtral, a spin-out company from the Centre for Quantum Technologies in Singapore, have also come on board as part of the sector-wide digital resilience push, confirmed Vincent Loy, assistant managing director for technology at MAS.


“As quantum technology advances, it is vital for the financial sector to safeguard against potential cybersecurity threats that may be brought about by the technology,” stressed Loy.

“This will help MAS and financial institutions better understand QKD’s potential impact on operations and address challenges early.”

Loy added that “these technology trials can also inform and shape technology and cyber risk management policies towards quantum-proofing our financial systems.”

One of the primary goals of the collaboration is to develop secure communications by deploying fiber quantum key distribution and rolling out space-based quantum communications technologies.

“Quantum key distribution can help financial institutions protect the exchange of cryptographic keys to address the cybersecurity threats posed by quantum computing,” MAS said in a statement.

Eugene Huang, Group Chief Information Officer at regional banking giant DBS, explained his bank’s decision to take part and support the memorandum of understanding.


“While DBS has been familiarising ourselves with quantum computing’s potential to transform financial services, we are keenly aware of the dangers this fast-developing technology can bring,” Huang said.

“This MoU represents a significant step forward in safeguarding Singapore’s financial sector against looming cybersecurity risks associated with quantum,” he added.

Moreover, “by participating in the development of QKD use cases, we are not only enhancing our defences but also setting new standards for futureproofing our financial systems against bad actors seeking to exploit encryption technology,” Huang shared.

Testing

MAS and the other companies involved will focus on a range of areas including conducting a QKD proof-of-concept sandbox on financial sector use cases to evaluate its viability, effectiveness and applicability to financial services, and determine the feasibility of using QKD for quantum-safe communications within the financial sector.

Moreover, they will test the validity of the security properties of QKD, such as detecting eavesdropping attempts and preventing unauthorised access or tampering of QKD transmissions.

“This will help to verify QKD’s capability to provide robust security for sensitive data transfers, and enhance trust in its deployment within the sector,” MAS pointed out.


Furthermore, they plan to enhance technical competencies through knowledge exchange to equip MoU participants with the skillsets to support the transition towards adopting quantum security solutions when they are commercially available.

Responding to the agreement, Praveen Raina, Head of Group Operations & Technology at Singapore-based OCBC, pointed out that “quantum technology holds immense potential and relevance for the financial sector especially in mitigating cybersecurity risks.”

He added that: “recognising this, on top of partnering with the wider industry, we are taking proactive steps to invest in talent and infrastructure capabilities in this area.”

Rise of quantum computing

In recent years, quantum computing technology has been developing rapidly and has demonstrated the potential to break commonly used cryptography and encryption algorithms, which is increasingly posing a major cybersecurity concern for banks and other financial services firms.

In February 2024, MAS issued an advisory to the country’s finance sector on the cybersecurity risks associated with quantum technology.

The financial services watchdog went on to provide recommendations for banks and finance firms to safeguard themselves against the identified threats, including carrying out proof-of-concept trials with quantum security solutions.

More recently, MAS launched a quantum track under its relatively new Financial Sector Technology and Innovation Grant Scheme to provide funding support for quantum projects and capabilities.

“This memorandum of understanding builds on these initiatives and provides a collaborative framework for trialling the application of quantum security solutions in financial services,” MAS explained.

In the coming months, MAS and participating banks will experiment with QKD solutions jointly provided by SPTel and SpeQtral, the regulator continued.

In addition to the memorandum of understanding, MAS earlier announced it will support the establishment of quantum computing and security innovation functions in Singapore.

MAS will hand out grants, which will provide funding support of up to 50% on manpower and other qualifying expenses such as hard/software infrastructure, subscriptions and licenses, for a period of 24 months.

AI efforts

The new fintech network, tech panel and the recent banking coalition come amid a host of measures to improve digital resilience in Singapore’s finance space.

MAS announced in 2024 that it would commit S$100 million, or close to $75m, to support the island-state’s banks and other financial services firms to design, test and build capabilities in artificial intelligence technologies.

The capital was meant to speed up the advancement of AI-related innovation and adoption in financial services, MAS said.

“While financial institutions have been progressively adopting AI, recent technological advancements have made such tools more widely accessible and increased the pace of adoption,” the body explained at the time of the announcement.

With the advent of Generative AI, financial institutions have embarked on initiatives to map the technology’s opportunities and risks, and have begun piloting it across a range of use cases, it stressed.

“Nevertheless, the level of AI-readiness and adoption varies hugely across financial institutions in Singapore,” the regulator warned.

“MAS will therefore bolster financial institutions’ development and deployment of AI technologies in Singapore,” it said.

The watchdog firmly believes that Singapore has “the potential to become a centre of excellence for anchoring AI capabilities, such as in the development of applications, as well as testing and deployment of AI solutions for the financial sector.”

MAS will support financial institutions in establishing AI innovation centres in Singapore for a range of functions including AI model building and training, deployment of AI models for high-impact use cases, governance and risk management, as well as testing and monitoring.

It also plans to develop AI platforms to address industry-wide use cases.

“There are strong prospects for the financial industry to apply AI to solve industry-wide problems beyond what each financial institution can do individually,” MAS clarified.

This involves the development of frameworks and platforms for policies and protocols that enable secure and privacy-protected data exchange where financial institutions can collaborate on industry-wide use cases, the regulator concluded.

