Regulations for activities relating to E-money

What types of technology and cyber security risk management measures should a provider of e-wallets and e-money issuance services take note of?

A person providing e-wallets and e-money issuance services under the Payment Services Act 2019 should, among other things, take note of the technology and cyber security risks mitigation measures prescribed by MAS.

The MAS Notice on Cyber Hygiene (PSN06) sets out a set of essential cyber security practices that a person providing e-wallets and e-money issuance services must put in place to manage cyber threats. The Notice covers requirements on securing administrative accounts, applying security patching, establishing baseline security standards, deploying network security devices, implementing anti-malware measures and strengthening user authentication. Failure to comply with the requirements set out in the MAS Notice attracts a fine.

In addition, a person providing e-wallets and e-money issuance services should take note of the MAS Technology Risk Management Guidelines that provide guidance on best practices for the management of technology risk. The Guidelines provide that the board of directors and senior management of an FI plays an important role in ensuring the establishment of a sound and robust technology risk management framework and FIs should adopt a defence-in-depth approach to strengthening cyber resilience with particular focus on ensuring adequate policies are implemented to safeguard information assets and a comprehensive IT security awareness training programme is established for all staff. Notably, the Guidelines provide that in delivering online financial and payment services, an FI should implement security and control measures which are commensurate with the risk involved to ensure the security of data and online services. An FI offering online financial services access via a mobile device should be aware of the risks unique to mobile applications. Guidance on Mobile Application Security is provided in the Guidelines.

For a summary of some recent changes made to the Guidelines in January 2021, please click here to read Rajah & Tann publication titled “2021 Technology Risk Management Guidelines: Enhanced Requirements on Financial Institutions Concerning Technology Risk Governance and Security Controls”.

SHARE THE POST

PEOPLE ALSO READ

Need to talk to a lawyer or professional?

Our partnered law firms and professional consultants are carefully picked by us based on their expertise in topics covered in this document we tailored for you.

Let us set you up for success in your engagement.

Rajah & Tann Singapore LLP
Singapore Law Firm
Large
Legal Services
Singapore
Founded in 1976, Rajah & Tan Singapore LLP is one of the largest full service law firms in Singapore with affiliate offices in Cambodia, China, Indonesia, Laos, Malaysia, Myanmar, Philippines, Thailand and Vietnam. it is a member firm of Rajah & Tann Asia, a network of law firms in Southeast Asia with over 800 fee earners. Rajah & Tann is regarded as one of the "Big Four" law firms in Singapore. Its clientele ranges from multinational and Fortune 500 corporations to emerging high-tech enterprises and start-ups.