MAS Guidelines and Regulations Governing Digital Advisors
Prime Minister's OfficeSpeakers
Summary
This question concerns Miss Cheng Li Hui’s inquiry regarding the adequacy of regulations for digital advisors and the robustness of MAS guidelines for managing technology and cyber risks. Senior Minister Tharman Shanmugaratnam stated that digital advisors are regulated under the Financial Advisers Act and are subject to the same rules as brick-and-mortar entities. He explained that advisors must implement methodologies to monitor algorithms, employ competent staff, and adhere to Technology Risk Management guidelines for cyber resilience. Compliance is ensured through MAS’s supervisory framework, which includes post-authorisation audits, offsite reviews, and onsite inspections to identify and rectify system weaknesses. Senior Minister Tharman Shanmugaratnam concluded that while current regulatory and supervisory frameworks are effective, MAS continues to review and improve the system.
Transcript
2 Miss Cheng Li Hui asked the Prime Minister (a) whether there is a need to strengthen regulations governing digital advisors in order to better protect the interests of Singaporean investors; (b) whether the current MAS guidelines have resulted in the establishment of adequate and robust frameworks by digital advisors to manage technology and cyber risks; and (c) what mechanism is in place for the Government to ensure compliance with the regulations and effective adoption of the guidelines.
Mr Tharman Shanmugaratnam (for the Prime Minister): Financial advisory services are regulated under the Financial Advisers Act (FAA). Under the Act, digital advisers conducting similar regulated activities as brick-and-mortar entities are subject to the same rules.
In addition, the Monetary Authority of Singapore (MAS) has issued guidelines to clarify how relevant FAA regulations should be applied to digital advisers. For example, under the FAA, financial advisers must have a reasonable basis for product recommendations to customers. In the digital world where advice is generated by algorithms, digital advisers must put in place methodologies to test and monitor the performance of algorithms. Digital advisers must also be staffed by persons who have the competency and expertise to develop, review and test the methodology of the algorithms. Where appropriate, MAS will also require digital advisers to undergo a post-authorisation audit covering the governance and control of their algorithms.
Another example is the guidelines on outsourcing. Digital advisers may outsource the development and maintenance of their algorithm-based tools or back-end activities, but they remain responsible for the risks of these outsourced activities and have to observe MAS' guidelines on Outsourcing and Technology Risk Management (TRM). The TRM guidelines set out IT risk management principles and best practices to strengthen their cyber resilience and guard against cyberattacks.
MAS also supervises financial institutions, including digital advisers by conducting offsite reviews and onsite inspections. We assess the robustness and effectiveness of systems to mitigate market conduct, technology and cybersecurity risks, and require financial institutions to rectify any weaknesses discovered.
There is hence an effective regulatory and supervisory framework to supervise digital advisers, but MAS continues to review and improve the system.