We are a leading regulatory compliance consulting firm in Singapore. We can provide services on implementing TRM and Cyber Hygiene Policies.
Fintech is defined as computer programs and other technology used to support or enable banking and financial services business. When technology is brought into a conventional financial business, the result is called fintech. Typically this takes the form of a platform where users can register, log in and carry out various activities as intended. These companies typically have a mobile or web app hosted on an AWS, Google or Azure server, and the app is exposed to the world over the internet.
Most of the fintech companies that require a license from MAS are primarily in the areas of digital banking, payment services, remittance services, collective investment schemes, crowdfunding, financial advisory and so on.
Of course, there are companies within the fintech definition which do not require any license, for example a company providing AML and background check software. These companies do not need to get any license from the Monetary Authority of Singapore.
Only those companies which operate a business in the financial sector (requiring a license from the Monetary Authority of Singapore) and have an app, web app or any other technological solution are subject to these guidelines.
If your business is in the financial sector but not subject to licensing, then you are not bound to follow these guidelines.
If you are exempted from holding the license, you are still bound to follow these guidelines despite the exemption.
MAS licensed companies often deal with other people’s money. For example, you may be running a crowdfunding platform, or you may be a standard payment institution providing business payment accounts.
The fact that you manage all these services via a web app, which is available to anybody on the internet, essentially exposes it to risk. Hackers can try to hack the app and steal the data. They can run a DDoS attack, or they can use other means of disrupting the services.
While the above risks also exist for businesses in other sectors, the impact of such a situation in the finance field can be particularly painful. If your app is connected to other banks and financial institutions via APIs, webhooks and so on, then it can also result in a disruption of those institutions' services.
So the disruption of one app in the chain can have a cascading impact on other organizations and on their apps.
Singapore, over the years, has built its reputation as a prominent financial centre in the world. If incidents like the above happen often, that reputation will be at stake. So regulators want every company that holds a license and uses financial technologies to commit to good practices and not expose itself to technology risks. Hackers have also become quite sophisticated in recent years, and hacking attacks are quite common. So you need to be prepared to invest effort in following these good practices, to ensure that the app runs without any problems.
The TRM and Cyber Hygiene guidelines are issued by the MAS and are available on their website. You will need to take these steps:
The guidelines themselves are over 50 pages, so carrying out the above steps becomes a formidable task for many organizations.
If you go through the TRM guidelines, the content primarily concentrates on IT project management and best practices. So it is not something that is new. However, the key point is that these guidelines need to be adopted and followed. If they are not followed, there can be a warning letter from the regulatory authorities, and in extreme cases it may result in cancellation of the license. The broad topics covered by the TRM guidelines are as follows:
As you can see, the TRM guidelines are significantly broad, and the text only specifies your obligations. So you need to come up with a complete policy for your specific environment and then embed it in your overall compliance landscape. This can be a daunting task, as many times your staff is not equipped for this.
Engage us for this service. Our team has experts who have wide exposure to law as well as IT project management. We will be able to prepare TRM for your environment. So engage us today.
Our packages are comprehensive. The price covers everything required.
Our service team has many years of experience. We will guide and assist you throughout your engagement.
We take pride in the quality of services we provide. Check our testimonial section to see what our clients say about us.
We are very straightforward in our approach. If something in your plan is not likely to work out, we will be frank and tell you so.