Search
  • Straits Interactive

What should an organisation look out for in third party management? The case of MAS' concern

Updated: Mar 27

By Lee Wen Xin, DPEXNetwork Community Development Executive

Edited by Leong Wai Chong, CIPM, GRCP



As businesses continue to transform and digitalise in Asia and globally, the incentive for malicious actors to hack into these systems, steal and gather data grows in tandem. Earlier this week on the 18th January 2021, the Monetary Authority of Singapore (MAS) announced new rules for all financial institutions and those in the fintech industry in Singapore after SolarWinds cyber-attack exposes firms around the world.


MAS said that financial institutions are increasingly reliant on third-party service providers as they adopt new technologies. Using an external vendor which may procure third-party tools brings significant risks to banking systems.


Weaknesses may arise during the engagement of the third party. The gap could be from:

  • Awareness of data protection regulatory requirements and risks when personal data are involved

  • Translation and communication of requirements in the scope of contract

  • adequacy in contract specifications to enforce and control of specifications

  • Third-party may further procure or subcontract solutions in which the requirements- specifications may be “lost in translation”.

  • Selecting the right service provider according to their strengths

  • Managing the vendors, which include risk assessment and controls on the vendors.



... continue reading

35 views0 comments