Privacy Ninja




The Singapore financial services and markets bill: Everything you need to know

Financial institutions could face higher penalties for a cyber attack or disruption to essential services if the Financial Services and Markets Bill is passed into law.

The Singapore Financial Services and Markets Bill (FSM Bill) was introduced for reading in the Singapore Parliament on 14 February 2022. Simultaneously, the Singapore Monetary Authority (MAS) released an explanatory brief and its response to industry feedback on its consultation on the proposed FSM Bill (originally titled the proposed Omnibus Act).

The Monetary Authority of Singapore Act now vests the MAS with supervisory authority over Anti-money Laundering and Counter-terrorism Financing (AML/CFT), financial institution supervision, and financial sector dispute resolution systems.

Recognizing the growing importance of a financial sector-wide regulatory approach, the FSM Bill was introduced to strengthen the MAS’ agility and effectiveness in addressing financial sector-wide risks in an ever-changing and increasingly integrated world.

The Financial Services and Markets Bill’s key aspects

(A) Streamlined and extended prohibition powers

Currently, the MAS can issue prohibition orders (POs) barring particular persons from engaging in specific activities or holding crucial positions in financial institutions (FIs). These POs help maintain trust in Singapore’s financial system by deterring severe misbehavior.

But the MAS’s present PO authority is restricted. Individuals governed by other MAS-administered statutes are not eligible for POs. Other reasons for issuing POs are confined to a list of precise criteria established in the applicable acts, and restrictions are generally related to holding designated positions, such as directorships and engaging in regulated activities.

The FSM Bill consolidates and enhances the MAS’s ability to prohibit unfit persons from participating in any MAS-controlled activity. A PO will only be issued if the requirement is met. The MAS can issue more POs and potentially cover more activities with this new flexibility.

Despite the MAS’s enlarged power to issue POs, they will mostly go to people connected to the financial sector. The MAS will also use its power in proportion to the risk, type, and degree of the misbehavior and the impact on the financial industry. Those advised of the MAS’s purpose or issued POs may also appeal to the minister or defend themselves before the MAS.

(B) Stricter regulation of virtual asset service providers to address the concerns of money laundering and terrorist financing

Providers of virtual asset services

Virtual asset service providers (VASPs) must be licensed or registered in the jurisdictions in which they are created under the enhanced Financial Action Task Force (FATF) standards adopted in June 2019.

The FSM Bill will regulate any VASPs established in Singapore that provide virtual asset services outside of Singapore under the upgraded FATF criteria. Such VASPs that provide digital token (DT) services outside of Singapore will be regulated as a new class of FIs, subject to licensing and ongoing requirements. This helps limit the reputational risks associated with money laundering and terrorism financing (ML/TF) while ensuring that the MAS has proper supervisory oversight of such VASPs.

Scope of DT services

The FSM Bill will bring DT services into line with the FATF’s upgraded criteria, so that DT services include and go beyond the present definition of ‘DPT services’ under the Payment Services Act 2019.

AML/CFT supervisory oversight

Given the inherent ML/TF concerns associated with anonymous and fast-moving DT services, the FSM Bill will focus on VASPs. The FSM Bill will confer broad authority over VASPs, including imposing licensing requirements, conducting AML/CFT inspections, and providing support to domestic authorities and the MAS’ international AML/CFT supervisory counterparts.

Such anti-money laundering/counter-terrorism financing standards imposed on VASPs will be consistent with those imposed on DPT service providers registered under the Payment Services Act 2019. 


(C) Harmonized authority to impose standards on risk management in technology

To safeguard the safety and soundness of the information technology systems used by financial institutions to supply financial services, the FSM Bill consolidates the MAS’ authority to impose technology risk management standards on any FI or class of FIs. The maximum penalty for violations of any issued regulations or notices will be S$1 million, consistent with other government agencies’ existing penalty systems. 

(D) Statutory immunity for mediators, adjudicators, and staff of an authorized dispute resolution scheme operator

The FSM Bill will offer statutory protection against responsibility or claims by a complainant or FI for mediators, adjudicators, and employees of an operator of a recognized dispute resolution scheme. This builds their confidence and autonomy, enabling them to do their jobs to their best abilities.

The proposed amendment will bring the proposed level of protection in line with that provided by other public dispute resolution bodies in Singapore and elsewhere. Notably, the legislative immunity would apply only to activities performed with reasonable care and good faith, not to those involving willful wrongdoing, negligence, fraud, or corruption.


Financial services and markets bill: A higher penalty for institutions

Financial institutions could face higher penalties for a cyber attack or disruption to essential services if a new Bill is passed in Parliament. This is considered a good thing for ordinary consumers or clients as this will ensure stricter compliance for institutions with regard to their cybersecurity hygiene. 

The passage of the Bill increases the maximum penalty for violating a technology risk management requirement to $1 million.

However, a technology event that affects a financial institution’s customers or other industry participants may involve violations of several of these requirements, meaning that the financial penalty for a serious cyber-attack or disruption of an essential financial service could be much more than $1 million. These situations include disruptions to the ATM network and internet trading.

“The quantum proposed is intended to underscore the critical importance of technology risk management to FIs’ operations and the sound functioning of the financial system,” said Alvin Tan, Minister of State for Trade and Industry, and Culture, Community and Youth.

“This will strengthen the confidence and autonomy of these individuals when they carry out their duties and align the level of protection for them more closely with that of other public dispute resolution bodies in Singapore and internationally,” he added.


How a DPO can help organizations

A Data Protection Officer (DPO) oversees data protection responsibilities and ensures that organizations comply with the Personal Data Protection Act (PDPA). Every organization’s DPO should be able to curb instances of cyber threats, as the DPO is the officer responsible for maintaining a positive cybersecurity posture for the organization.

For instance, at Privacy Ninja, we randomly conduct simulated email phishing exercises on clients to see if there are any vulnerabilities that a bad actor could exploit, and patch them to ensure that the client will never be a victim of such a scam.

DPOs complement the efforts of organizations in battling scams: they ensure that when a cyberattack occurs, a protocol for dealing with it has already been established and can be employed to protect clients’ personal data. DPOs play a crucial role when an organization is hit with phishing attacks, as they ensure safeguards are in place to combat them.

As a consumer who provides my own sensitive information to each organization I encounter or transact with, I would feel safe if an organization went the extra mile to protect my data to avoid a higher penalty.
