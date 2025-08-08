The Monetary Authority of Singapore (MAS) has issued Notice FSM-N31on Cyber Hygiene effective 30th June, 2025. It mandates all licensed Digital Token Service Providers (DTSPs) to adopt robust cyber hygiene measures.

This notice applies to all DTSPs licensed under Section 138 of the Financial Services and Markets Act, 2022 (FSM Act) and is aimed at safeguarding critical systems, administrative accounts and customer data against cyber threats.

Whom does DTSPs apply to?

It applies to every DTSPs licensed under the FSM Act. An exception to compliance applies only where a DTSP is unable to exercise direct or indirect control over a system to comply with the requirements of this notice and it is not reasonably practicable to engage an alternative provider over whom such control can be exercised. In such cases, the DTSP is exempt from the relevant requirement to that extent.

What the DTSPs need to do?

The notice lays down certain cyber hygiene practices that DTSPs should follow:

Secure Administrative Account: Secure all accounts with full privileges and un-restricted access to an OS, application, database, security appliance etc. by using practical measures like strong password policies, multi-factor authentication etc. Put safeguards in place to prevent any unauthorised access or misuse.

Apply Security patches: Use security patches to fix vulnerabilities promptly (based on the risk level). If no patch exists, implement interim controls to manage the risk.

Set & Enforce Security Standards: Prepare and implement a written set of security standards for every system you use. Ensure all systems comply with those standards or apply compensating measures where compliance isn't possible.

Strengthen Network Perimeter Defences: Since unauthorised access to essential data is serious threat, DTSPs must-

Use firewalls, filters, and intrusion detection to block unauthorised traffic.

Regularly review and tighten perimeter rules.

Deploy Malware Protection

It is very crucial to have a defence mechanism to protect systems from malware infection. DTSPs must install and update anti-malware solutions across all systems.

Key compliance takeaways for DTSPs

The MAS Notice on Cyber Hygiene marks a pivotal step in strengthening Singapore's digital financial ecosystem. For DTSPs, this is not just another compliance checkbox, it is an essential framework for building trust, protecting customer data and ensuring operational resilience.

The notice sets out the following key compliance considerations:

Prioritise critical systems

Harden administrative accounts

Apply security patches promptly

Enforce written security standards

Defend network perimeter

Maintain effective malware protection

By adopting these, DTSPs not only ensure regulatory compliance but also fortify their reputation as secure, responsible and future-ready players in the digital token space.

