On 4 November 2019, Singapore’s Parliament published a draft amendment to the Banking Act.

Under the amendment, all banks will be required to evaluate the ability of their service providers (whether these be a branch or office, or an external party) to:

(a) safeguard the confidentiality and integrity, and ensure the availability, of the banks’ information; and

(b) protect all customer information against unauthorised disclosure, retention, or use.

Where the service provider is a branch or office of the bank, specific provisions covering the above must be included in the branch or office’s policies and procedures.

Where the service provider is an external party, however, the relevant provisions must be included in the contract between the bank and the provider.

Such policies and procedures, or contract, as the case may be, must also confer on the bank, the regulator (the Monetary Authority of Singapore or MAS), or an auditor appointed by the bank, the right to audit the books of the service provider to ensure that the above requirements have been complied with.

At the end of 2018 the UK Treasury Committee announced that it would launch an inquiry into information technology (IT) failures in the financial services sector. The Treasury Committee has stated that it will appoint a specialist advisor to help provide analysis and aid the inquiry.

The past 18 months have seen numerous IT failures in the financial services sector. Equifax, Barclays and TSB have all suffered incidents, to name a few. TSB is arguably the highest-profile case: 1.9 million customers were logged out of their online banking accounts for up to a month, and some customers also claimed to have been able to view other customers’ bank details. This occurred after the bank attempted to migrate customer information from its former owner to current owner Banco Sabadell.

The inquiry by the Treasury Committee is set to explore the common causes of such operational incidents, to better understand what consumers have lost as a result of the failures, and also to determine whether regulators such as the Bank of England Prudential Regulation Authority and the Financial Conduct Authority have the necessary ability and power to hold firms involved to account.

The UK FCA Publish Discussion Paper on Distributed Ledger Technology
Regulators globally are focused on understanding industry consumers’ views on distributed ledger technology’s (DLT) potential risks and opportunities. On 10 April 2017, the UK Financial Conduct Authority (FCA) published a discussion paper DP17/3 on DLT, and followed it with a speech at the Innovate Finance

In its speech at the FT Cyber Security Summit, the FCA has outlined its approach to cybersecurity in financial services firms. In addition to this, the Group of 7 (“G7”) has issued an 8-point framework for the financial sector as a push for financial firms to design a cybersecurity strategy.

We explore each piece of guidance below.