This chapter provides an overview of the regulatory landscape governing operational resilience in Singapore’s financial sector, anchored on the expectations of the Monetary Authority of Singapore (MAS).
It examines the key guidelines, notices, and supervisory approach that collectively shape how financial institutions design, implement, and maintain operational resilience.
The chapter also explains MAS’s principles-based regulatory philosophy, which requires institutions not only to comply with rules but to demonstrate sound judgement, proportionality, and effectiveness in managing resilience risks.
MAS adopts a holistic and integrated regulatory framework to strengthen operational resilience. Rather than issuing a single standalone “operational resilience regulation,” MAS embeds resilience expectations across multiple interrelated guidelines.
The 2022 MAS BCM Guidelines represent a significant evolution in regulatory expectations, shifting from traditional recovery planning to a service-centric approach to operational resilience.
Key expectations include:
MAS explicitly requires financial institutions to adopt an end-to-end, service-centric view, ensuring that critical services can continue to be delivered even during disruptions.
The guidelines emphasise that resilience must be designed around customer outcomes, not just internal processes.
The MAS ORM Guidelines complement BCM by focusing on the identification, assessment, and mitigation of operational risks.
Key elements include:
ORM provides the preventive foundation for operational resilience by reducing the likelihood and severity of disruptions.
The MAS TRM Guidelines address the growing importance of technology and cyber resilience in financial institutions.
Key expectations include:
Technology resilience is critical, as Singapore's financial services are highly dependent on digital infrastructure.
MAS expects institutions to maintain secure and reliable systems for customer use, reflecting the importance of technology in service continuity.
MAS does not treat BCM, ORM, and TRM as isolated domains. Instead, it expects financial institutions to integrate them into a unified operational resilience framework, where:
This integrated approach reflects MAS’s focus on end-to-end resilience across the entire operating ecosystem.
In addition to guidelines, MAS issues legally binding notices that impose specific requirements on financial institutions.
MAS Notice 644 (and related notices such as 644A) historically set out mandatory requirements for technology risk management, including:
These notices define minimum compliance thresholds, including timelines for reporting incidents and expectations for technology resilience
Although certain notices (e.g., Notice 644) have since been updated or superseded, they remain foundational in shaping technology resilience expectations.
Financial institutions must comply with notices while using guidelines to design and enhance their resilience frameworks.
The Monetary Authority of Singapore plays a dual role:
MAS establishes:
Its objective is to ensure:
MAS actively supervises financial institutions through:
MAS also requires institutions to conduct regular BCM audits and testing to validate the effectiveness of their resilience capabilities.
MAS’s role extends beyond individual institutions to safeguarding:
This reinforces the need for industry-wide coordination and resilience.
A defining feature of MAS regulation is its principles-based approach, which differs from rigid rule-based regimes.
MAS sets broad principles and outcomes, allowing financial institutions flexibility in implementation.
Key characteristics:
For example, institutions are not given a fixed list of critical services—they must identify their own CBS based on their business model and risk exposure.
Despite flexibility, MAS expectations are clear and stringent:
MAS expects firms to move beyond “paper compliance” and demonstrate operational effectiveness.
The MAS approach can be summarised as:
|
Principles-Based Flexibility |
Regulatory Accountability |
|
Customised implementation |
Demonstrable outcomes |
|
Risk-based approach |
Strong governance oversight |
|
Innovation-friendly |
Strict supervisory review |
|
Business-driven design |
Regulatory assurance |
This balance ensures that financial institutions remain resilient while adaptable to evolving risks.
The MAS regulatory landscape provides a comprehensive and integrated framework for operational resilience in Singapore’s financial sector.
Through a combination of BCM, ORM, and TRM guidelines, supported by enforceable notices such as Notice 644, MAS establishes clear expectations for maintaining the continuous delivery of critical financial services.
Importantly, MAS’s principles-based approach places responsibility on financial institutions to design resilience frameworks that are fit for purpose, risk-based, and customer-centric.
This requires not only compliance but also strong governance, proactive risk management, and continuous improvement.
Ultimately, the MAS framework ensures that operational resilience is not treated as a standalone function, but as a strategic capability essential to financial stability, customer trust, and long-term sustainability in Singapore’s financial ecosystem.
| eBook 1 | C1 | C2 | C3 | C4 |
| C5 | C6 | C7 | C8 | |
Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
|
If you have any questions, click to contact us. |
||
|
|