Outsourcing continues to be prevalent in today's business landscape. In outsourcing, Financial Institutions (“FIs”) rely on the outsourced service providers to perform certain business functions. While outsourcing has proven to be effective; FIs should ensure that their service providers maintain the same level of governance, rigour and consistency as if the services were still managed by themselves.

Loss of customer information or confidential data, or disruptions to critical bank services may result in reputational risk impacts or regulatory breaches. Outsourcing risks must be managed to safeguard the FIs’ operations and customers. The service can be outsourced, but the risk cannot.

To address this, the Association of Banks in Singapore (“ABS”) has established these Guidelines on Control Objectives and Procedures for the FIs’ Outsourced Service Providers (“OSPs”) operating in Singapore. These Guidelines form the minimum/baseline controls that OSPs which wish to service the FIs should have in place. However, FIs with specific needs should continue to liaise with their OSPs on a bilateral basis to impose any additional specific requirements. Where the OSPs deem necessary, OSPs are encouraged to supplement these minimum/baseline controls with specific controls as they relate to the security, availability, processing integrity and/or confidentiality of their service. Examples of such controls are included in Section III ‘Service Controls’, item (b) ‘Authorising and Processing Transactions’.

By complying with the Guidelines, OSPs can assure the FIs that their controls are designed and operating effectively to meet the control objectives that are relevant in the provision of the outsourced services


KPMG will work with your team and conduct a combination of interviews, workshops, policy and process reviews and technical testing — always taking a positive approach to help you manage your cyber security issues.

To strategically enable your ongoing transformation, KPMG brings an uncommon combination of strengths — cyber expertise, in-depth business understanding and extraordinary people that deliver innovative thinking and practical implementation to the automated world. We’ll use our strengths to help you get an enviable combination of your own: confidence, agility and resilience.

Cyber security options - Venn diagram

Connect with us

Connect with us