MAS’ Experts Panel shares recommendations for cyber resilience

The Monetary Authority of Singapore’s (MAS) Cyber and Technology Resilience Experts (CTREX) Panel* conducted its inaugural meeting on 16 April 2025, discussing a range of topics, including technology resilience, third-party risks, quantum security and digital financial scams.

Recommendations from the meeting include:

Adopting a service-centric approach to strengthen operational resilience

The panel highlighted the importance of viewing disruptions from the customer’s lens, and adopting an end-to-end approach in measures to enhance the availability and continuity of digital financial services. 

Financial institutions (FIs) were also recommended to move beyond routine, scripted IT disaster recovery exercises by incorporating unscripted elements into their regular disaster recovery drills. This will better prepare FIs to respond effectively to real-world IT incidents and strengthen their overall operational resilience, the panel said.

Addressing third-party and open-source software risks in the IT supply chain

The panel emphasised the need for FIs to understand how specific risks may arise from their IT vendors and use of open-source software, in order to develop effective risk assessments and mitigation strategies. This includes maintaining a comprehensive inventory of IT components used within FIs, and mapping their third-party dependencies to address potential supply chain risks.

Preparing the industry for post-quantum security

The panel cautioned about the materialising security threats posed by quantum computers, and recommended that FIs inventorise, without delay, their use of cryptographic solutions across their operations. This will allow FIs to better prioritise the replacement of cryptographic solutions that are prone to quantum attacks. 

Enhancing anti-scam measures

The panel highlighted the increasing sophistication of digital financial scams, and emphasised the need for FIs to adopt a multilayered approach in addressing emerging scam campaigns. This could include the use of artificial intelligence for fraud detection, phishing-resistant authentication, greater information sharing among FIs on new scam typologies, and continuing to bolster customer education.

The CTREX Panel was formed in August 2024 to advise MAS on key emerging cyber and technology risks facing Singapore’s financial sector, and recommend strategies to enhance its resilience.

*The CTREX Panel comprises 13 global industry thought leaders, experts and practitioners in cybersecurity and technology resilience from Acronis/Constructor Group, Amazon Web Services, Citigroup, the Cybersecurity Agency of Singapore/Ministry of Digital Development and Information, Google Cloud, HSBC, Mastercard, Microsoft, Nasdaq, Qualtrics, Rapid7, Sonatype, and UBS Group.