• Singapore has been dedicated to Smart Nation transformation since 2014 by developing technologies and encouraging innovations in key domains, including health, transport, urban solutions, finance, and education. In the digital era, the government agencies together with every industry took initiatives from regulatory perspectives to support and drive digital technology adoption. A strong infrastructure will be the foundation of all the plans and projects, which makes cloud computing technologies one of the critical enablers in the digital revolution journey.

  • Regulators:
    The Personal Data Protection Commission regulates personal data protection in Singapore.


    General Privacy Laws:
    PDPA - Personal data in Singapore is protected under the Personal Data Protection Act 2012 (PDPA). The PDPA establishes a data protection law that comprises various rules governing the collection, use, disclosure and care of personal data. The PDPC released a guide on the use of cloud services in October 2019.


    Data Cross-Border Transfer Requirements:
    The PDPA contains offshore personal data transfer restrictions. The requirements include:
    1) The receiving organization has “comparable protection” in place as set in the Act; and
    2) There are written data transfer agreements in place, so that the recipient is bound by legally enforceable obligations; and
    3) The individual has given deemed or express consent to such transfer.

  • Overview:
    Alibaba Cloud offers a high degree of flexibility in designing and implementing the IT architecture on the cloud with three Availability Zones in Singapore. With proper solution design, it can meet the requirements of security, resilience, recoverability, and performance for regulated entities in the Financial Services industry. Alibaba Cloud has helped several customers minimize the risks of losses in confidentiality, integrity, and availability when moving to a public cloud.
    Alibaba Cloud is committed to facilitating the customers in compliance with the financial industry-specific regulatory requirements, including the initial high-level due diligence and risk assessment, solution selection, implementation and transition, and post-implementation assurance. Alibaba Cloud provides a full suite of offerings that can help, including responses in every due diligence evaluation aspect, best practices in services and product configuration, automated and continuous security check tools, as well as assurance over the design and operational effectiveness of internal controls.


    Regulator:
    Singapore's central bank, the Monetary Authority of Singapore (MAS), regulates financial institutions, including banking and non-banking institutions.


    Regulations/Guidelines to look at when using cloud computing services:

    The MAS Guidelines on Technology Risk Management set out principles and best practices for Financial Institutions (FIs) to establish a sound and robust technology risk management framework to make sure that IT systems and networks are capable of supporting the FI’s business transactions as well as protecting the consumer data and payments.


    The MAS Guidelines on Outsourcing provide guidance and recommendations on prudent practices for the risk management of outsourcing. An adequate outsourcing risk management framework is expected to be in place to mitigate risk during the oversight and management of outsourcing arrangements.


    The Business Continuity Management Guidelines encourage FIs to adopt sound Business Continuity Management frameworks to minimize the impact on businesses due to operation disruptions and to ensure the continuity of the critical business functions. With IT outsourcing, the FI's business continuity should not be compromised or hindered.


    Is cloud permitted?
    Yes.


    Is there any additional approval needed?
    FIs need to maintain an updated register of all existing outsourcing arrangements in the format as per the template available on the MAS website. The updated register has to be submitted to MAS annually or upon request. MAS will assess the adequacy of the FI's observance of the outsourcing guidelines.


    Are offshore outsourcing arrangements allowed?
    The MAS does not restrict FIs from outsourcing services to service providers in a foreign country. However, more risks, including country risks (political, social, economic conditions), as well as the level of legal and regulatory requirements in the foreign country, need to be taken into consideration during the due diligence process. Moreover, though the information and data can be moved to a foreign country, this should not hinder the MAS’s right to retrieve such information or to perform auditing/supervising over the FI's business operations.

Informational Resources
Alibaba Cloud has engaged with the ABS-approved auditors to perform an OSPAR audit over the control objectives set out in the guidelines and it has confirmed full compliance.
In this user guide, Alibaba Cloud has listed the information pertinent to each of the applicable requirements in the MAS TRM guidelines.
In this user guide, Alibaba Cloud has laid out the measures and controls in mitigating the associated risks, especially risks associated with Cloud Services that have been denoted by MAS.
