Monetary Authority of Singapore · 2021 (rev.)

MAS TRM Guidelines

The TRM Guidelines codify MAS' expectations on technology risk for every Singapore FI. Updated 2021 to address cloud, API, AI, agile delivery and operational resilience.

Scope

Who must comply

All MAS-regulated FIs — banks, insurers, capital markets, payment institutions

Key controls & obligations

The control catalogue

01
IT governance & risk management
02
Third-party risk (cloud)
03
Cyber resilience testing
04
Incident notification 1 hour for material cyber breaches
05
Critical system recovery RTO ≤ 4 hours

Educational disclaimer

RiskPedia content is for educational purposes only. Not legal or regulatory advice. Refer to the Monetary Authority of Singapore for binding text.