Next event:

The QA Financial Forum: London 2018

21 February, 2018
News and research on financial software quality assurance and risk management

MAS updates outsourcing requirements

27 July 2016
Singapore regulator stresses the importance of protecting customer data in the cloud, but scraps reporting requirement.
Singapore, where the MAS is located.

Singapore. Credit: Michael Elleray

The Monetary Authority of Singapore (MAS) has added a section on cloud computing to its newly updated guidelines for financial firms on outsourcing technology services and has scrapped its requirement that financial firms notify the MAS of new material outsourcing arrangements they enter into. The regulator had announced its intention to revise its 2004 outsourcing guidelines at the beginning of July.

The report defines cloud computing as: “A combination of a business and delivery model that enables on-demand access to a shared pool of resources such as applications, servers, storage and network security.” It lists software-as-a-service, platform-as-a-service and infrastructure-as-a-service as examples of cloud computing. The MAS goes on to distinguish between private and public cloud, noting the growing popularity of hybrid combinations to: “Provide for distinct operational and security trade-offs.”

The MAS noted that while risks associated with cloud computing are not in principle distinct from those of other forms of outsourcing arrangements, the services provider must have safeguards in place to protect customer data. “Institutions should ensure that the service provider possesses the ability to clearly identify and segregate customer data using strong physical or logical controls,”  the MAS said, adding that there should also be controls in place to protect access data once cloud service contracts have been terminated.

The MAS has scrapped the obligation that it be notified every time a financial firm undertakes new material outsourcing arrangements. However, the report does state that firms should be able to demonstrate adherence to the guidelines should the regulator require it.

Financial firms will still be expected to submit an outsourcing register annually or upon request.

Other resources can be found here and here.

The QA Vector 500: your route to the right partner

Looking for a quality assurance, IT risk, or testing partner? Then you need access our expertly researched resource tracking the most important 500 service providers, from the largest to the most specialist.

Sign up now

Get the latest
by email

Newsletter Sign-Up
First Name*
Last Name*
Email*

I understand my contact details will be entered into your database and used to contact me by email with QA Financial's newsletter. See our privacy policy here.

Opted-in to receive newsletter
Source - newsletter sign-up form