Banks and credit card providers in Singapore should consider updating their outsourcing arrangements in anticipation of stricter new laws.

Singapore's Government has proposed new powers to regulate more closely the outsourcing arrangements of banks and credit card providers regulated by the Monetary Authority of Singapore (MAS), and to impose stricter sanctions. If passed, the Banking (Amendment) Bill 2019 (Bill) will strengthen MAS' supervisory oversight of outsourcing arrangements by regulated entities by:

  • requiring regulated entities to include in their outsourcing agreements:
    • explicit direct rights for MAS to audit the service provider;
    • stronger protections of customer information; and
    • additional termination rights; and
  • giving MAS additional sanctions against those who do not comply with regulated outsourcing rules (including those in the 2016 MAS outsourcing guidelines).

More generally the Bill introduces greater powers to revoke banks' licences.

This follows shortly the Hong Kong Securities & Futures Commission's new rules requiring more direct oversight of licensed corporations' cloud service providers and activities, and appears to reflect a concern by regulators in Asia that increased complexity and use of technology and outsourcing has made oversight more challenging.

That said, third party cloud and outsourcing service providers have not fully welcomed these regulatory incursions, meaning regulated entities are often now caught in the middle between the solutions on offer in the market (or having to pay a much higher price) and the toughening compliance framework.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.