Term · 28. International Regulations
MAS TRM (Monetary Authority of Singapore — Technology Risk Management Guidelines)
Definition
Singapore central bank's prescriptive guidelines (revised 2021) for technology risk management at financial institutions. Covers IT governance, system resilience, cybersecurity, third-party risk, and identity & access management. Mandates MFA for privileged access, customer-facing strong authentication, secure cloud adoption, and incident response capabilities. Non-compliance can result in regulatory action and reputational risk.
Synonyms
- MAS Notice 644
- MAS Notice 655
Application
Mandatory for banks, insurers, and capital markets intermediaries operating in Singapore. IDM/IAM impact: hardware tokens or biometric MFA for privileged access, strict customer authentication (typically Singpass MyInfo for KYC + device binding + transaction signing), centralized identity governance, regular access certification campaigns, PAM for production systems.
Sources
- MAS — Technology Risk Management Guidelines (primary source)
Related terms
- CMMC (Cybersecurity Maturity Model Certification)
  US Department of Defense framework certifying cybersecurity practices of Defense Industrial Base (DIB) contractors handl …
- CSA CCoP (Cybersecurity Code of Practice for CII, Singapore)
  Singapore Cyber Security Agency's mandatory Code of Practice for Critical Information Infrastructure (CII) operators acr …
- ENISA (European Union Agency for Cybersecurity)
  EU agency providing cybersecurity guidance, threat intelligence, and certification schemes across member states. Coordin …
- EU CRA (Cyber Resilience Act) (CRA)
  EU regulation (Regulation (EU) 2024/2847; in force 10 Dec 2024) imposing cybersecurity requirements on products with dig …
- FedRAMP (Federal Risk and Authorization Management Program)
  US government program standardising security assessment and authorization of cloud services used by federal agencies. Th …
- GLBA (Gramm-Leach-Bliley Act)
  US federal law (1999) requiring financial institutions to safeguard customer information and disclose information-sharin …