MAS – Guidelines on Technology Risk Management  (issued 2021)

The guidelines provide a comprehensive framework for financial institutions (FIs) to manage technology risks. They cover various aspects of technology risk management, including the management of third-party services, system availability, system recoverability, cyber security operations, and IT project management.

“A well-defined vetting process should be implemented for assessing third parties’ suitability in connecting to the FI via APIs, as well as governing third party API access. The vetting criteria should take into account factors such as the third party’s nature of business, cyber security posture, industry reputation and track record.”