Emerging technologies, such as cloud computing and blockchain, are potential sources of cyber risks for the financial sector. Image: Envato Elements
Last month, the Monetary Authority of Singapore (MAS) – the country’s central bank – announced an updated map of the transformation of its financial services sector over the next three years.
The 2025 financial services sector transformation map outlines key central bank priorities and plans to strengthen the Republic’s position as a leading international financial center in Asia, said Lawrence Wong, Deputy Prime Minister and Minister of Singapore Finance and Deputy Chairman of MAS. .
These include digitizing financial infrastructure to promote the development of digital platforms for bond markets and the fund industry, catalyzing the transition to net zero in Asia and deepening sustainable finance, and shaping the future of financial networks by expanding cross-border payment links and enabling digital currency connectivity. .
At the heart of these plans is the use of secure technology, Vincent Loy, deputy general manager, Technology Group, MAS, tells GovInsider. Not only can a robust and secure digital infrastructure bring these plans to life, but it can also ensure the growth of a thriving fintech industry in the country, he explains.
“If there is no trust, FinTech will not survive or grow further,” he notes.
This is why MAS is actively involved in the prudent management of cyber risks and in applying a principles-based approach to the regulation of new technologies, he says.
An ecosystem approach to secure digital adoption
One of the main concerns highlighted by Loy relates to cyber risks resulting from the adoption of third-party services by financial institutions for critical functions. That’s why MAS works closely with financial institutions and technology providers to create ecosystems for secure digital adoption, he explains.
Take the case of cloud computing services. As financial institutions increasingly adopt the cloud, there is a risk of overreliance, he notes. Any cybersecurity incident that affects major cloud providers could potentially have an outsized impact on the financial services industry, he says.
Beyond MAS, regulators around the world are monitoring the growing reliance on these third-party vendors. A recent report by the Bank for International Settlements, an international financial institution owned by central banks, identified the growing reliance on a small group of cloud computing providers as a major risk to the financial industry, reported the Financial Times.
“At the same time, we also realize that the cloud plays a very important role in the innovation journey of financial services,” says Loy. As such, it is essential that MAS does not stifle the adoption of such technology. On the contrary, the central bank is working with senior technology leaders from various banks to understand the risks.
At the same time, MAS is working with technology vendors to better understand these emerging technologies and their position. Loy shares that they meet with cloud providers and raise such security issues, so they can imagine and find solutions together.
“Regulators alone cannot solve many of these problems. It takes an ecosystem approach to address these issues,” says Loy.
The regulator is also working with fintech players to test new technologies and develop regulations to ensure these technologies remain secure while giving them space to flourish. The MAS FinTech Regulatory Sandbox allows fintech players to experiment with innovative financial services in a real environment, where specific regulations are relaxed for a clearly defined period of time.
This allows the regulator to observe these emerging services in a controlled way through small transactions as well as identify and account for risk early on, Loy says.
A principles-based approach to regulation
As new technologies come into play, a principles-based risk-proportionate approach can be helpful in guiding institutions in making their own decisions about what to adopt based on their risk appetite, says Loy. This means that instead of prescribing very detailed rules and requirements, the MAS establishes principles-based guidelines – such as establishing a robust technology risk management framework – for financial institutions.
He emphasizes that regulation should not hamper innovation or customer service. As such, the country takes a principles-based approach that enables Singapore to respond to the various financial services risks in a proportionate manner. The same goes for new technologies, he says.
An example is the emergence of decentralized finance and blockchain technology. As these are relatively new forms of technology, there are unknown security risks and vulnerabilities that come with their adoption that financial institutions will have to deal with, even as they learn about the new use cases they offer. , explains Loy.
In Wong’s announcement of MAS’ financial services industry transformation roadmap, he emphasized that MAS will continue to evolve its regulatory approach to guard against the new risks posed by decentralized finance, from money laundering money to cybersecurity risks.
The MAS has notably implemented this principle-based approach through the Technology Risk Management Guidelines, which help institutions develop technology governance principles.
The MAS has previously issued an opinion highlighting risk management principles on the adoption of public cloud services by financial institutions. The council recommended that institutions develop a cloud risk management strategy, taking into account factors such as vendor lock-in and best practices such as the principle of least privilege and multi-factor authentication.
In a recent speech addressing Singapore’s position on decentralized finance, cryptocurrency and blockchain, MAS Managing Director Ravi Menon highlighted that MAS was one of the first regulators to impose cyber hygiene standards and principles of technological risk management to digital asset players. He said that as cyber risks continue to evolve in this area, MAS will continue to review measures in line with what jurisdictions like the EU and Japan are doing.
Technology can also be a tool to help financial institutions boost their cybersecurity efforts, Loy notes.
Automation can be deployed to reduce human error. Traditionally, financial institutions have relied on many manual processes to review, verify, authorize, and even migrate data. Automating these tasks has helped financial institutions reduce the effort required to complete these tasks, and also reduce the incidences of someone intentionally or unintentionally causing data breaches.
When key controls are automated, financial institutions can free up time for people to focus on more useful tasks. Such automation can also provide real-time verification that tasks have been completed and flag any issues, ensuring that auditors can respond quickly if needed.
Artificial intelligence can also be deployed to monitor system performance and perform predictive analytics on when systems might fail. Such analyzes can help institutions predict and manage risk, he says.
Finally, Loy points out that Singapore is just one of the nodes that keeps the global financial services systems running. Geopolitical tensions, like the Russian-Ukrainian conflict, have also increased cyber risks around the world, including for the financial sector, he notes. This is why MAS plays an active role globally in promoting cyber hygiene standards.
The regulator is working with the aforementioned Bank for International Settlements as well as the Financial Stability Board (FSB), an international body that oversees the global financial system, to drive the cybersecurity agenda. In 2020, MAS chaired the FSB working group on Cyber Incident Response and Recovery, which aimed to develop a toolkit to effectively respond to cyber incidents.
Additionally, MAS has worked with leading cybersecurity technologists and experts across the Cybersecurity Advisory Committee since 2017 to learn from best practices, he shares.
Vincent Loy will be participating in a panel titled “Increasing Local and Offshore Regulations” taking place from 2:15-3:45 p.m. on October 18 at Level 3, Room GW4B, Sands Expo and Convention Centre.
Can’t wait to hear from him but haven’t booked your place at GovWare yet? Do it now via the link here!
This article is published in partnership with GovWare 2022.