Reading note on TRM guideline 2013

Reader of  the new TRM guideline from Singapore Monetary Authority will be surprised by the changes it made. It is not an simple update but a major rewrite of some of the sections. Also it incorporated key and fundamental changes in financial technology.

At the introduction section, the author set the tune for the whole document by stating that IT is no a cost center only and should be integrated with business strategies. This type of statement is advocated by vendors for a long time but I believe it is the first time a banking regulator making the same statement in a TRM guideline. From here, the reader could expect TRM function is not only about  system vulnerability or malware, project risk, governance and outsourcing are also important.

Para 1.0.1 “IT is no longer a support function within a financial institution (“FI”) but a key enabler for business strategies” 

The author also states user are more IT-savvy. from my experiences, the more accurate adjective would are user are getting more IT-demanding and require more features. Usability of non-financial internet and mobile applications has revolutionized by the uses of HTML5, AJAX and even 3D graphic. Users are demanding the old html only Internet banking to follow. MAS also sense these changes and urge banks to fully understand the risk before bending over backwards to please users.

Para 1.0.3 “FIs are also faced with the challenge of keeping pace with the needs and preferences of consumers who are getting more IT-savvy and switching to internet and mobile devices for financial services, given their speed, convenience and ease of use.”

This entry was posted in Singapore, Uncategorized and tagged , , , on by .

About antonyma

Engineering trained, Antony has the qualifications of CISA, Oracle DBA and BS7799 ISMS assessor. He also received a LLM in Intellectual Property & Information Technology Law from The University of Hong Kong. Founder of travel tech statup Powerdata2go.com Antony was th Chairman of Professional Information Security Association (PISA) from 2009 to 2010. He also joined ISC2 workshop on developing a new cloud security certification. Current positions include: 1. Chairman of Cloud Security Alliance (Hong Kong & Macau Chapter) 2. Convenor of HK OGCIO Working Group on Cloud Security and Privacy 3. Hong Kong delegate to ISO SC 27 committee, which drafts security standards like ISO27001. email : antony.linkedin@gmail.com Specialties Retail Banking System & Process, IT Security, Copyright Law, Audit & Control, Technology Risk Management, Cloud Security

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s