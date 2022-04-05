Financial institutions (FIs) could face higher penalties for a cyber attack or disruption to essential services if a new Bill is passed in Parliament.

FIs today rely heavily on technology to deliver financial services, Monetary Authority of Singapore (MAS) board member Alvin Tan told Parliament yesterday at the second reading of the Financial Services and Markets Bill.

But the current maximum penalties for breaching technology risk management requirements are often not commensurate with their impact.

With the passing of the Bill, the maximum penalty for each breach of a technology risk management requirement will be raised to $1 million.

A technology event which impacts on FIs' customers or other industry participants could involve breaches of several such requirements, so financial penalties could be much more than $1 million for a serious cyber attack or disruption to an essential financial service. Such situations include ATM network and online trading disruptions.

"The quantum proposed is intended to underscore the critical importance of technology risk management to FIs' operations and the sound functioning of the financial system," said Mr Tan, who is also Minister of State for Trade and Industry, as well as Culture, Community and Youth.

The Financial Services and Markets Bill, first tabled in Parliament in February, will also give the regulator more oversight in areas such as prohibition orders and digital token services.

The MAS will have broader powers to impose prohibition orders - issued in cases of serious misconduct such as fraud - against persons who have shown themselves to be unfit to perform key roles, activities and functions in the financial industry. This is now limited to certain persons such as trading representatives and insurance agents.

The proposed law will also allow MAS to regulate digital token service providers created in Singapore but which do not provide their services here. Digital tokens include digital payment tokens, or cryptocurrencies, and digital representations of capital markets products.

Currently, entities that provide digital token services in Singapore are regulated but not those created in Singapore that provide services elsewhere. The Bill seeks to license these players and impose anti-money laundering and terrorism financing requirements on them.

A total of seven MPs spoke on the Bill. Mr Saktiandi Supaat (Bishan-Toa Payoh GRC) cautioned that the high technology risk management penalty could discourage FIs from working with fintech start-ups that might not be able to invest in complex cyber security defences.

Workers' Party MP Louis Chua (Sengkang GRC) said that while digital token licences should not be hastily awarded, approving them for responsible players will allow the sector here to flourish.