In a joint response to a public forum letter, the Monetary Authority of Singapore (MAS) and the Cyber Security Agency of Singapore (CSA) announced that they are considering requiring vendors to obtain national cybersecurity certifications, namely the Cyber Essentials or Cyber Trust mark, before they can be licensed or bid for government contracts involving access to sensitive data or systems.
This move follows a recent data breach involving a third-party vendor and underscores the growing regulatory focus on third-party cybersecurity risks.

On 24 October 2024, the Monetary Authority of Singapore (MAS) and Infocomm Media Development Authority of Singapore (IMDA) announced that the Shared Responsibility Framework (SRF) for phishing scams will be implemented on 16 December 2024 via a set of guidelines. Under the SRF, financial institutions (FIs) and telecommunication operators are assigned duties to mitigate phishing scams. The MAS and IMDA expect responsible entities to bear any scam losses arising from failure to fulfill any of the relevant duties under the “waterfall” approach.