1.1 What Constitutes an "Outsourced Relevant Service"
1.2 The Concept of "Materiality" and its Impact
1.3 Key Definitions: Service Provider, Sub-Contractor, Customer Information
1.4 The "Why": Understanding MAS's Focus on Systemic and Reputational Risk
2.1 The Shift from Guidelines to Legally Binding Notices
2.2 Scope of Application: Banks, Merchant Banks, and Other Financial Institutions
2.3 Interplay with Other Key Regulations: TRM Guidelines, Notice on Cyber Hygiene, Banking Act (Section 47)
2.4 Overview of the Outsourcing Register Requirement
3.1 The Role of the Board and Senior Management in Oversight
3.2 Establishing a Group-Wide Outsourcing Risk Management Framework
3.3 Defining Risk Appetite and Approval Authorities
3.4 Proving Accountability: Why You Can Outsource the Function, But Not the Risk
4.1 Initial Due Diligence: Assessing a Vendor's Risk Framework, Reputation, and Financial Strength
4.2 Ongoing Monitoring: Frequency and Scope (Within 24 Months and Ongoing)
4.3 Independent Audits: The "At Least Once Every Three Years" Rule for Material Arrangements
4.4 Understanding and Leveraging "Pooled Audits" (e.g. OSPAR Reports)
5.1 MAS's Stance on Confidentiality and Data Protection
5.2 The Critical Consent Requirement for Sub-Contracting Arrangements Involving Customer Data
5.3 Measures for Protecting Data in Cross-Border and Cloud Arrangements
5.4 Requirements for Data Destruction or Rendering Data Unusable Upon Termination
Conclusion
Instructions
Questions
