Singapore launches updated guidelines for outsourced service providers
SINGAPORE, SINGAPORE — The Association of Banks in Singapore (ABS) recently unveiled its updated ABS Guidelines on Control Objectives and Procedures for Outsourced Service Providers (OSPs) Version 2.0 (OSPAR v2.0).
The latest version aims to ensure that OSPs servicing Financial Institutions (FIs) uphold a high standard of control and governance, aligning with the stringent requirements set by the Monetary Authority of Singapore (MAS).
The revision to OSPAR v2.0 incorporates feedback from the industry and integrates key elements from MAS’s recent regulatory updates, including MAS Notice 655 on Cyber Hygiene, MAS Technology Risk Management (TRM) Guidelines, and MAS Guidelines on Business Continuity Management.
By adhering to these updated guidelines, OSPs can assure FIs that their controls are designed and operating effectively to meet the relevant control objectives in the provision of outsourced services.
One of the notable changes in OSPAR v2.0 is the increase in the total number of control criteria, which has risen by around 40 from OSPAR v1.1, bringing the total to around 140.
This expansion includes the addition of new domains under General IT Controls, such as Data Security, Cryptography, and Software Application Development and Management, as well as a new domain under Service Level Control focusing on Business Continuity Management.
Furthermore, OSPAR v2.0 introduces additional cloud-specific control criteria relevant to cloud service providers and OSPs offering SaaS/PaaS/IaaS solutions.
This includes 17 new control criteria across various domains, ensuring a comprehensive approach to managing the risks associated with cloud services.
The ABS Guidelines v2.0 apply to all OSPs in Singapore that undertake material, ongoing outsourced relevant services for FIs in Singapore.
This includes OSPs physically located in Singapore, those undertaking material ongoing outsourced relevant services with FIs in Singapore, and their subcontractors providing part of the services covered under the material ongoing outsourced relevant service with the FIs.
With the release of OSPAR v2.0, OSPs are encouraged to assess and implement the necessary changes to comply with the new requirements, considering the transition plan and the advantages of early adoption.
This initiative by ABS is a step forward in enhancing the resilience and security of the financial sector’s outsourcing ecosystem, ensuring that outsourced services are governed with the same level of rigor and consistency as if they were managed in-house.
