Singapore Fintech TRM / Cyber Hygiene Policies Service

We are a leading regulatory compliance consulting firm in Singapore. We provide services for implementing TRM and Cyber Hygiene policies.

What is a Fintech Company?

Fintech is defined as computer programs and other technology used to support or enable banking and financial services businesses. So, when an element of technology is brought into a conventional financial business, it is called fintech. Typically this takes the form of a platform where users can register, log in and carry out various activities as intended. These companies typically have a mobile or web app hosted on an AWS, Google or Azure server, and the app is exposed to the world over the internet.

Most fintech companies that require a license from MAS are in the areas of digital banking, payment services, remittance services, collective investment schemes, crowdfunding, financial advisory and so on.

Of course, there are companies within the fintech definition that do not require any license, for example a company providing AML and background check software. These companies do not need to get any license from the Monetary Authority of Singapore.

Which companies come under the purview of the MAS TRM (Technology Risk Management) & Cyber Hygiene Guidelines?

Only companies that operate a business in the financial sector (requiring a license from the Monetary Authority of Singapore) and have an app, web app or any other technological solution are subject to these guidelines.

If your business is in the financial sector but not subject to licensing, then you are not bound to follow these guidelines.

If you are exempted from holding the license, you are still bound to follow these guidelines despite the exemption.

Why is there a need to have TRM / Cyber Hygiene Guidelines?

MAS licensed companies often deal with other people’s money. For example, you may be running a crowdfunding platform, or you may be a standard payment institution providing business payment accounts.

The fact that you manage all these services via a web app, which is available to anybody on the internet, exposes them to risk. Hackers can try to hack the app and steal the data. They can run a DDoS attack, or they can use other means of disrupting the services.

While these risks also exist for businesses in other sectors, the impact of such a situation in the finance field can be particularly painful. If your app is connected to other banks and financial institutions via APIs, webhooks and so on, then it can also result in a disruption of those institutions' services.

So the disruption of one app in the chain can have a cascading impact on other organizations and on their apps.

Singapore, over the years, has built its reputation as a prominent financial centre in the world. If incidents like those above happen often, that reputation will be at stake. So regulators want every company that holds a license and operates financial technologies to commit to good practices and not expose itself to technology risks. Hackers have also become quite sophisticated in recent years and hacking attacks are quite common. So you need to be prepared to invest effort in following these good practices, to ensure that the app runs without any problems.

What do you have to do exactly to comply with the TRM / Cyber Hygiene requirements?

The TRM and Cyber Hygiene guidelines are issued by the MAS and are available on their website. You will need to take these steps:

  • Go through these guidelines
  • Prepare a response describing how you comply with them
  • Incorporate the key elements into your compliance policy
  • Follow the guidelines and keep documented proof of key actions done (e.g. bug reporting)
  • Take any other actions as recommended by the guidelines (e.g. breach reporting)

The guidelines themselves are over 50 pages, so carrying out the above steps becomes a formidable task for many organizations.

What Are the Key Points of the TRM (Technology Risk Management) Guidelines?

If you go through the TRM guidelines, their content primarily concentrates on IT project management and best practices. So it is not something new. The key point, however, is that these guidelines need to be adopted and followed. If they are not followed, there can be a warning letter from the regulatory authorities, and in extreme cases it may result in cancellation of the license. The broad topics covered by the TRM guidelines are as follows:

  • Penetration Testing
  • Securing your infrastructure
  • Best practices for user and admin access
  • Incident and bug reporting
  • Breach reporting
  • Policy and Process Development
  • Risk Assessments
  • Third-Party Vendor Security Assessments
  • Questionnaire (SAQ) Preparation and Review
  • MAS TRM Missing Controls Assessment for your environment
  • Internal IT Security Audit and Reviews
  • Remediation Assistance
  • Business Continuity Planning

Summary: We Can Provide Consultancy on TRM / Cyber Hygiene

As you can see, the TRM guidelines are significantly broad, and the text only specifies your obligations. So you need to come up with a complete policy for your specific environment and then embed it in your overall compliance landscape. This can be a daunting task, as your staff are often not equipped for this.

  • We can help you develop a comprehensive and holistic security policy, which covers incident response, endpoint security, threat handling and monitoring, and data management
  • We review your organization’s existing control framework and suggest improvements as per MAS requirements
  • We develop and refine policies tailored to manage the unique risks for your situation and environments operated by your organization

Engage us for these services. Our team has experts with wide exposure to law as well as IT project management. We will be able to prepare TRM for your environment. So engage us today.

Ready to Help

Our service delivery team is waiting to assist you.
Epica Consulting+ Singapore Company Registration

Why Engage Us

Everything you need to get started, for one fixed price.

Comprehensive Packages

Our packages are comprehensive. The price covers everything required.

Expert Team

Our service team has many years of experience. We will guide and assist you throughout your engagement.

Quality Service

We take pride in the quality of the services we provide. Check our testimonial section to see what our clients say about us.

Straightforward Approach

We are very straightforward in our approach. If something in your plan is not likely to work out, we will tell you so frankly.
