2025-12-16
Added
The Monetary Authority of Singapore mandates that financial institutions report incidents using a revised template aligned with the FSB's FIRE format. Effective 1 February 2026, all reportable incidents must be submitted via the MAS-Tx platform, requiring initial notification within prescribed timelines and an initial report within 24 hours of discovery. The circular outlines specific contact procedures, data requirements, and submission protocols for both general incidents and cyber security events affecting Critical Information Infrastructure Owners.
1 Circular No: MAS/TCRS/2025/08 16 December 2025 To the Chief Executive Officers of all Financial Institutions Dear Sir / Madam CIRCULAR ON FINANCIAL INSTITUTION INCIDENT REPORTING Financial institutions (“FIs”) are required to report incidents to the Monetary Authority of Singapore (“MAS”) under various acts, regulations, notices, circulars and guidelines, including those set out in Annex A. In line with the international Format for Incident Reporting Exchange (“FIRE”) introduced by the Financial Stability Board (“FSB”), MAS has updated the FI incident reporting template to incorporate key elements from FIRE. MAS has also taken this opportunity to enhance and streamline the FI incident reporting process, including the use of MAS-FI Transactions Platform (“MAS-Tx”) to facilitate incident report submissions. 2 From 1 February 2026 onwards, reportable incidents should be submitted directly via the MAS-Tx. FIs should use the revised Incident Reporting Template (“the Template”) to submitreportable incidents on MAS-Tx. The revisionsto the Template and incident submission channel seek to facilitate more standardised and streamlined incident data collection. 3 This circular provides guidance on how FIs should provide initial notification to MAS upon the discovery of a reportable incident, and submit the subsequent incident reports to MAS using the Template. Incident Notification to MAS 4 The FI should notify MAS as soon as possible, but no later than the timeline prescribed in the applicable act(s), regulation(s), notice(s), circular(s) or guideline(s), upon the discovery of a reportable incident. 5 If the reportable incident occurs during MAS office hours1 , the FI should notify their respective MAS Review Officer. The FI should contact the MAS Duty Officer via the 24-hour 1 Monday to Friday, 8.30am to 6.00pm, excluding gazetted public holidays published by the Ministry of Manpower.
2 MAS incident reporting phone line2 (Tel: 6229 9526 / 6229 9527) if the MAS Review Officer is uncontactable or the reportable incident has occurred outside of MAS office hours. 6 The following information should be provided to MAS in the notification: a. Particulars of the reporting FI: i. Name of the FI reporting the incident; ii. Name of the FI’s reporting staff; iii. Designation and department of the reporting staff; and iv. Mobile and office number of the reporting staff. b. Information pertaining to the reportable incident: i. What happened; ii. When did it happen; iii. Where did it happen; and iv. Impact of the incident on the FI’s services and customers. Submission of Incident Reports to MAS 7 Following the incident notification described in paragraphs 4-6, the FI should submit all incident reports to MAS using the Template. The revised Template comprises two main sections, namely the Initial and Final Incident Report. 8 The FI should submit an Initial Incident Report to MAS as soon as possible, but not later than 24 hours3 from the point of incident discovery, followed by a Final Incident Report within 14 days of the incident discovery. FIs should refer to the Instruction section in the Template, which outlines the expected information and the corresponding sections of the Template to be included in each report. 9 The Template sets out the information FIs should provide when reporting an incident to MAS. If any of the required information in the Template is not applicable to the incident being reported, please indicate clearly with appropriate remarks. 10 As most reportable incidents are dynamic in nature, FIs should submit the Initial Incident Report based on the information available to them at the time of submission. Any subsequent updates or corrections to the information provided in the Initial Report should be either updated in the Initial Report or reflected in the Final Report. 2 Please note that the incident reporting line is for incident reporting by FIs only. For inquiries or feedback, visit www.mas.gov.sg, https://ask.gov.sg/mas or submit an online form via https://www.mas.gov.sg/contact-us. 3 If necessary, MAS Review Officer may request the FI to submit the initial incident report earlier or provide further updates on the reportable incident.
3 11 Where a single incident affects multiple FIs within the same group, one incident report may be submitted. The reporting FI should clearly identify all affected entities in the field “Incident Description” in the Initial Report, and provide details of the impact on each affected entity. Where multiple entities within the group are affected by different incidents that occur simultaneously, separate incident reports should be submitted for each incident. 12 In addition to MAS reporting, the Critical Information Infrastructure Owners (“CIIOs”) reporting cyber security incidents should refer to the Cyber Security Agency of Singapore (“CSA”) website4 for the requirements, timeline and template to submit the National Cyber Security Incident Reporting Form (“NCIRF”) through MAS to CSA. Submission Channel 13 The FI should submit the Initial Incident Report, Final Incident Report and NCIRF (applicable to CIIOs only) via MAS-Tx5 . Where the FI encounterstechnical challenges with their submission, such as due to scheduled or unscheduled downtime of the platform, the FI should liaise with the MAS Review Officer to determine the appropriate alternate submission channel. 14 For any questions related to this circular, please contact your MAS Review Officer. TOMMY TAN DIRECTOR & HEAD (DIVISION II) TECHNOLOGY AND CYBER RISK SUPERVISION DEPARTMENT 4 https://www.csa.gov.sg/legislation/forms 5 Under the Incident & Breach Reporting module. To submit the incident report on MAS-Tx, the “Incident Reporting” role needs to be assigned for the e-Service “FI Transactions Platform” to users in CorpPass. Kindly refer to the MAS-Tx user guides and tutorials available on https://mastx.mas.gov.sg/ for more details.
4 Annex A Application of FI Incident Reporting Template The Incident Reporting Template should be used for the reporting of incidents as required under various acts, regulations, notices, circulars, and guidelines, including:
5 e. Regulation 11(3); f. Regulation 21(d), (f) and (g); 10. Securities and Futures (Financial Benchmarks) Regulations 2018 a. Regulation 10(4)(b) and (c); b. Regulation 11(1)(e); c. Regulation 11(2)(d); d. Regulation 19(2)(b); e. Regulation 19(3)(d); 11. Payment Services Act 2019 a. Section 15(1)(b); b. Section 48 (1)(b); 12. Payment Services Regulations 2019 a. Regulation 25(3); and 13. Credit Bureau Act 2016 a. Section 20(1)(a) and (c).