2023-12-11

Added

Updates to Guidelines on Outsourcing

The Monetary Authority of Singapore amended its Guidelines on Outsourcing to exclude banks and merchant banks, which are now governed by separate Notices on Management of Outsourced Relevant Services. The revised Guidelines, effective 11 December 2024, remove banking references, add an annex for exempted outsourced services, and align business continuity management requirements with updated standards. Additionally, the regulator emphasized that financial institutions must assess third-party risks regardless of outsourcing status and indicated potential future consultations on broader third-party service guidelines.

Monetary Authority of Singapore logo

Singapore

Monetary Authority of Singapore

Click to view thumbnail

Circular No: ID 19/23 11 December 2023 To Chief Executives All Insurers and Designated Financial Holding Companies (Licensed Insurer)s Dear Sir/Madam Updates to Guidelines on Outsourcing The Monetary Authority of Singapore (MAS) has published new notices to banks and merchant banks on the Management of Outsourced Relevant Services (the “Notices1 ”). The Notices introduce new terminology and concepts that require a new corresponding set of Guidelines on Outsourcing (Banks) that only apply to banks and merchant banks. 2 Given the issuance of the Guidelines on Outsourcing (Banks), the existing Guidelines on Outsourcing have been amended and renamed as “Guidelines on Outsourcing (Financial Institutions other than Banks)2 ”. Changes relative to existing set of Guidelines, which take effect from 11 December 2024, are: • the removal of references to banks and merchant banks; • the addition of an annex of “exempted outsourced services”, which had previously been communicated to financial institutions via Circular ID 26/20 on 9 June 2020. These are services that are wholly provided by Government Technology Agency, or services not for the conduct of financial business and where the service provider does not handle the financial institution’s confidential or customer information; and • amendments relating to business continuity management for alignment with the revised Guidelines on Business Continuity Management3 . 1 Please refer to Notice to Banks on Management of Outsourced Relevant Services and Notice to Merchant Banks on Management of Outsourced Relevant Services. 2 Please refer to Guidelines on Outsourcing (Financial Institutions other than Banks) here. 3 Please refer to the Guidelines on Business Continuity Management here.

3 MAS will consider whether and how to impose the equivalent of the Notices on non-bank financial institutions as well. MAS will consult industry and relevant stakeholders prior to imposing specific requirements relating to such services. 4 On a related note, as reliance on third parties for service delivery increases, financial institutions are expected to assess the risks arising from such reliance, and implement controls commensurate with the nature and extent of risks. Financial institutions should do so regardless of whether the reliance constitutes an outsourcing arrangement. Third-party services are also subject to other MAS requirements and expectations on areas such as operational risk, technology risk and business continuity management. 5 MAS will also consider the need for more specific guidelines to address the risks arising from financial institutions’ broader use of third-party services, including non￾outsourced services. 6 Please email your Review Officer should you have any queries. Yours faithfully [sent via MASNET] MARCUS LIM ASSISTANT MANAGING DIRECTOR BANKING & INSURANCE