Financial institutions

Financial institutions will face a higher penalty for cyberattacks and disruptions under new bill

SINGAPORE — Financial institutions could face stiffer penalties for a cyberattack or disruption of essential services if a new bill passes parliament.

Today, financial institutions rely heavily on technology to deliver financial services, Monetary Authority of Singapore (MAS) Board Member Alvin Tan told Parliament on Monday (4 April) at the second reading of the bill on financial services and markets.

“However, the current maximum penalties that can be imposed for breaches of technology risk management requirements are not proportionate to the potential widespread impact on FI (financial institution) customers and the financial sector that could result from such breaches. “, he added.

With the passage of the bill, the maximum penalty for each violation of a technology risk management requirement will be increased to $1 million.

A technology event that affects a financial institution’s customers or other industry players could involve violations of several of these requirements, such that the financial penalty could be well over $1 million for a serious cyberattack or interruption of an essential financial service. These situations include ATM network and e-commerce disruptions.

“The proposed quantum aims to underscore the critical importance of technology risk management to the operations of FIs and the proper functioning of the financial system,” said Tan, who is also Minister of State for Commerce and Foreign Affairs. Industry, as well as Culture, Community and Youth.

The quantum was calculated after reviewing the existing sanctions regimes of other jurisdictions and government agencies in Singapore, he added.

The MAS also takes other supervisory measures, such as requiring financial institutions to set aside additional regulatory capital until it is satisfied that adequate risk control measures have been put in place. square.

In February, he asked DBS Bank to set aside an additional $930 million in capital following the widespread outage of its digital banking services last November.

The Financial Services and Markets Bill, first tabled in parliament in February, will also give the regulator more control in areas such as prohibition orders and digital token services.

It will give MAS broader powers to impose restraining orders – issued in cases of serious misconduct such as fraud – against individuals who have proven unfit to perform key roles, activities and functions in the financial sector.

This is currently limited to certain people such as sales representatives and insurance agents, and not to those engaged in other activities such as providing payment services and managing risk.

The proposed law will also allow MAS to regulate digital token service providers created in Singapore but not providing their services here. Digital tokens include digital payment tokens, or cryptocurrencies, and digital representations of financial market products.

Currently, entities that provide digital token services in Singapore are subject to applicable laws regardless of where they are established.

However, Singapore-based service providers that only provide services elsewhere are not regulated for anti-money laundering and counter-terrorist financing (AML/CFT), which creates reputational risks for the Republic, Mr. Tan said.