Lim Hng Kiang, Singapore minister for trade and industry and Monetary Authority of Singapore (MAS) deputy chairman made the announcement that the the MAS will set out its “expectations on the use of cloud computing services” by financial institutions (FIs) at a banking industry dinner last week.
The Minister stated :
MAS recognises cloud services can offer various benefits such as scalability and advanced functionalities, and is amenable to banks leveraging on cloud services to fulfil their business and operational needs. MAS expects banks to ensure that their risk management measures are commensurate with the nature, scope and complexity of the cloud deployment models that they adopt.
In his speech, Lim Hng Kiang said that the new guidance on cloud use would update existing guidance on outsourcing that MAS produced in 2004.
“FIs were previously expected to pre-notify MAS of any material outsourcing arrangements, and MAS would impose prudential requirements on the FI, where necessary. With the growing prevalence and complexity of outsourcing arrangements, such a case-by-case approach has become less tenable. Instead, MAS will continue to assess and monitor the robustness of FIs’ outsourcing risk management frameworks while FIs will continue to be responsible for ensuring the safety of all of their outsourcing arrangements. The revised guidelines will no longer require FIs to pre-notify MAS of any outsourcing arrangements.”
Bryan Tan of Pinsent Masons MPillay, the Singapore joint venture partner of Pinsent Masons, the law firm behind Out-Law.com, said:
Banks in Singapore have been very conservative in cloud adoption. There have been recent moves to develop standards and guidelines for cloud users and service providers in Singapore such as the multi-tier cloud security standard, and cloud outage and incident response guidelines – the MAS guidelines will provide more guidance for financial institutions going to the cloud.
The Infocomm Development Authority of Singapore recently issued guidelines on cloud outage incident response (COIR) to help cloud providers and the businesses that use their services to manage data breaches in line with the country’s data protection regime.