2018-10-05
Added
The Monetary Authority of Singapore issued these guidelines to set out expectations for financial institutions engaging in outsourcing arrangements or planning to outsource business activities. The document mandates sound risk management practices, specific requirements for cloud computing, and procedures for engaging with the regulator. It also establishes reporting obligations, including the annual submission of outsourcing registers, and supersedes previous circulars on information technology outsourcing.
These guidelines set out MAS’ expectations of a financial institution that has an outsourcing arrangement or is planning to outsource its business activities to a service provider. The Guidelines on Outsourcing dated 27 July 2016 (last revised on 5 October 2018) is in effect until 10 December 2024.
The guidelines cover:
Engagement with MAS on outsourcing.
Sound practices on risk management of outsourcing arrangements.
Cloud computing.
Resources:
Outsourcing Register Template (Version 1) (34.3 KB)
08 Oct 2018 Version dated 27 July 2016 (last revised on 05 October 2018) (626.2 KB) takes effect.
27 Jul 2016 Previous version dated 27 July 2016 (236 KB) takes effect.
27 Jul 2016 Previous version dated October 2004 (last revised on 01 July 2005) (80.2 KB) . [Cancelled]
This circular provides guidance on how financial institutions should report incidents to MAS under the various acts, regulations, notices, circulars and guidelines.
Requirements for merchant banks on protecting the confidentiality of customer information in all outsourcing arrangements.
Requirements for banks on protecting the confidentiality of customer information in all outsourcing arrangements.
Requirements and guidelines on enterprise risk management for designated financial holding companies that have a subsidiary that is a licensed insurer incorporated, formed or established in Singapore (“DFHC (Licensed Insurer”)).
Provides guidance on the regulatory scope of the Trust Companies Act, including licensing and reporting requirements for licensed trust companies, exempt trust companies and exempt persons providing trust services.
Guidelines on sound practices in carrying out insurance business and principles relating to risk management framework.
Guidelines on risk management practices to mitigate insurance fraud risk.
Enterprise risk management (ERM) requirements and guidelines for licensed insurers.
Informs insurers on the exclusion of arrangements where the service is wholly provided by Singapore Government GovTech or its agents from the scope of the outsourcing.
Informs all insurers on the expectation to submit their outsourcing registers to MAS annually by 31 March of each year or upon MAS' request.
Informs financial institutions that MAS Circular SRD TR01/2011 on Information Technology Outsourcing has been superseded and cancelled by the Guidelines on Outsourcing dated 27 July 2016.
Guidelines for a financial institution’s operational risk management framework, including business continuity and outsourcing.
Sets out the conditions for banks when outsourcing cash and cheque-related transactional services to another bank in Singapore.