To address the changing threat landscape and new ways of doing business, the Monetary Authority of Singapore issued its Technology Risk Management document to supersede advice that was previously available as the Internet Banking Technology Risk Management (IBTRM) guidelines.
These guidelines were first published by MAS in 2001 to give banks a risk management framework for providing internet services. A high-profile hacking incident led MAS to reissue the guidelines in 2003, and they were updated again in 2008 to version 3.0.
In June 2012, MAS began a consultation process to revise the guidelines once more, including a Notice on Technology Risk Management paper, which stipulates various legal requirements. Prior to the public consultation in 2012, a workgroup of IT security experts and specialists from major financial institutions helped to draft the new guidelines.