The Monetary Authority of Singapore (MAS) was established as the country’s Central bank, and Financial Regulatory Authority, on 1 January 1971. The Bank passed the Monetary Authority of Singapore Act that enables MAS to exercise control over financial institutions and empowers it to regulate and supervise various statutes including the Banking Act, the Insurance Act, the Securities and Futures Act, and the Financial Advisers Act. With an aim to secure information security systems of Financial Institutes, the Monetary Authority of Singapore issued the Technology Risk Management Guidelines. These guidelines are statements of best practices that are expected to be followed by Financial Institutes to protect the customer’s financial data, transactional data, and systems. However, it has been clearly stated that these guidelines are not legally binding but form a benchmark for MAS in assessing the risk of financial institutions. LEARN MORE ABOUT MAS-TRM COMPLIANCE
Our Initial study involves understanding your business processes and environment. This will enable us to consolidate the scope thereby helping you reduce cost and time of implementation.
We support your management in Scope Definition which includes setting timelines, responsibilities and budget for the implementation.
We conduct an “as-is” Gap Analysis of your organization vis-à-vis the standard and help your team fix the gaps.
We Conduct Awareness session for your IT Team and relevant personnel on MAS TRM Compliance and further discuss about their roles responsibilities and timelines.
Our team identifies your critical information assets, classify them and create an Asset inventory
Our experts conduct a detailed Risk Assessment to identify what can go wrong with which asset and how it will impact your organization.
In sync with our Tech Team, our experts rank out the risks and help you strategize the Risk Treatment measures.
With all data in hand, our team then creates the SOP document set. Your inputs required ONLY to validate the same.
We conduct internal/external Vulnerability Assessment and penetration testing of your servers and networks
Our Infrastructure Advisory Services team shall support your internal team in rolling out the recommendations based on the assessment findings and reports.
Specialised personnel then conduct User Training of ALL personnel covered in scope on their specific responsibilities.
After a reasonable gestation period, a separate team of experts conduct a Pre-assessment of your setup.
If you so wish, we can take over the responsibility for Continually Supporting (Managed Compliance Services) your organization to stay MAS TRM Compliant.
The TRM Guidelines are statements of best practices expected to be adopted by every Financial Institute. However, these statements should not be regarded as standards for Financial Institutes to abide by. Financial Institutes may adopt these guidelines, considering the business operations they engage in and the markets in which they conduct transactions. Financial Institutes should apply the Guidelines which is contextually relevant to the regulatory requirements and industry standards.
MAS-TRM Audit cost for an average-sized company starts at $12000. Pricing for the audit depends on several factors, including the Scope of Audit, Business Applications, Technology Platforms, Number of Locations, and other additional services.
On average it takes 4-6 weeks to complete MAS-TRM Audit. However, the timeline also greatly depends on the time taken for implementing the remediation suggested in the gap analysis.
You will receive an audit report documenting the details of the effectiveness of the Organization’s system and controls. The report will detail information about how your information is secured with all necessary controls in place. Additionally, we also provide a “Certificate of Compliance” that you can show your clients and also proudly hang on your office walls and conference rooms.
MAS TRM Report is only valid for a year or 12 months from the date of issue and as per the Industry Standard requirement, the Audit must be performed annually, or at least when significant changes are introduced that may impact systems and control in an environment.