Singapore Hub
Where rules align, conflict and layer
Regulator Overlap Matrix.
MAS TRM × MAS Notice 655 × PDPA × CSA × MindForge — mapped across 10 control dimensions.
Dimension | MAS TRM MAS-regulated FIs | MAS 655 All MAS FIs | PDPA All organisations | CSA / CCoP CII operators | MindForge AI-using FIs |
|---|---|---|---|---|---|
| Governance | Board + ITRC | — | DPO mandatory | Cybersecurity Officer | AI governance committee |
| Incident Reporting | 1 hour (material) | Per incident | ≤3 days to PDPC | Per CSA timeline | — |
| Data Protection | Aligned to PDPA | — | 9 obligations | — | Data quality + lineage |
| Cyber Controls | TRM §10–11 | 6 baselines mandatory | Reasonable safeguards | CCoP 2.0 controls | AI security |
| Third-Party Risk | TRM §13 | — | Transfer Limitation | Yes — vendors | Foundation-model vendors |
| Business Continuity | TRM §8 | — | — | Mandatory exercise | — |
| Audit | Annual IS audit | — | Self-audit | Annual audit | Model validation |
| AI Risk | Veritas-aligned | — | Indirect (data quality) | — | Core focus |
| Personnel/Training | TRM §5 | Awareness | PDPA training | Cyber training | AI ethics training |
| Penalties | MAS Act | Up to S$100k | 10% turnover / S$1m | S$100k + 2yr | Via MAS TRM |
Scroll horizontally to compare. Cells show the regulator's specific requirement for each dimension. — indicates 'not directly addressed'.