Blog Series: Navigating Public Cloud Compliance in Singapore

Corporate compliance and regulation aren’t exciting topics. The only press compliance gets is when its lack of adherence leads to a wide blown scandal, like what we saw with Enron in 2001. In Singapore, compliance isn’t much different. However one thing clear in Singapore is that compliance is not built to stifle growth, but rather to guide innovation.

This is evident with the Monetary Authority of Singapore (MAS), which offers guidelines to Financial Services Institutions (FSIs) looking to adopt cloud services without restricting usage. FSIs are looking to cloud solutions because the benefits and advantages are compelling – it allows for a greater level of growth and services at a much lower entry point. This past July, MAS updated their Outsourcing Guidelines for FSIs to effectively give Cloud Computing the big tick (albeit with increased controls, access and security requirements). This is great news for banks, insurance firms, investment houses, and other financial institutions in Singapore who previously avoided true cloud computing solutions based on the ambiguity around its approved usage.


In light of this, more FSIs are turning to public cloud providers to being their transformation into the cloud. However, this needs to be done carefully. The MAS have now included the cloud as another form of Outsourcing in their Outsourcing Guidelines, with other requirements by the MAS and other regulatory bodies in Singapore at play:

Monetary Authority of Singapore (MAS) Technology Risk Management (TRM) Notice and Guidelines

  1. MAS Outsourcing Guidelines
  2. IDA Personal Data Protection Act

To take full advantage of the benefits, FSIs considering moving workloads into public cloud environments need experience in designing, managing, and migrating their IT environments. A robust set of governance and controls can be constructed to show auditors and regulators that risks are properly managed, accountability is retained, and the outsourcing to the cloud is appropriate and effective.

Datapipe has built a practice around AWS security and compliance to facilitate FSIs moving to the cloud in a manner that ensures MAS guidelines and requirements are met. This week, we launched a Controls Workbook that provides a detailed view of the most relevant regulations along with the actions an FSIs needs to take to comply and descriptions of how the products and services from Amazon Web Services and Datapipe can help with each one. In addition, we will be posting a series of blogs aimed at walking FSIs through the AWS onboarding process and infrastructure requirements that ensure compliance when moving into an AWS environment.

Upcoming blogs will discuss:

  • Singapore compliance regulations to be considered for FSIs moving into an outsourced or cloud environment for their IT.
  • What Governance and Governance requirements mean for FSIs operating in APAC.
  • Understanding types of controls and what is required for FSIs operating in APAC.
  • Vendor Compliance Competencies as laid out by the MAS’s TRM Notice and Guidelines.