To address the changing threat landscape and new ways of doing business, the Monetary Authority of Singapore has issued its Technology Risk Management document to supersede advice that was previously available as the Internet Banking Technology Risk Management guidelines.
The Internet Banking Technology Risk Management (IBTRM) guidelines were first published by MAS in 2001 to help provide banks with a risk management framework for providing Internet services. A high profile hacking incident led MAS to reissue the guidelines in 2003, and were updated again in 2008 to version 3.0.
In June 2012, MAS began a consultation process to revise the guidelines once more, including a Notice on Technology Risk Management paper, which stipulates various legal requirements. Prior to the public consultation in 2012, a workgroup of IT security experts and specialists from major financial institutions helped to draft the new guidelines.