MAS Consults on Updated Guidelines on Operational Risk Management

On 6 March 2026, the Monetary Authority of Singapore (“MAS”) published a consultation paper seeking feedback on the proposed updated MAS Guidelines on Operational Risk Management (“ORMG”). The consultation period ends on 20 April 2026.

The updated ORMG will supersede the Guidelines on Risk Management Practices – Operational Risk that was published in March 2013. The updated ORMG builds on MAS’ existing expectations and incorporates key elements of guidance by the Basel Committee on Banking Supervision (BCBS).

MAS notes that the importance of operational risk management has grown with the increasing digitalisation of financial services, greater reliance on third parties (including intra-group service providers), and the evolving threat of cyber-attacks.

It is proposed that following the conclusion of the consultation, the updated ORMG come into effect six months after its publication.

Key proposed changes include:  

  1. Risk Proportionate Implementation

    MAS proposes to apply the updated ORMG to all financial institutions (“FIs”) on a proportionate basis, balancing the effort required to observe the expectations with the level of operational risk present in an FI’s business products, activities, processes, and systems.

  2. Public Disclosure of Operational Risk Management Information and Code of Conduct

    MAS proposes that domestic systemically important banks and insurers (D-SIBs / D-SIIs) publicly disclose their approach to operational risk management, their operational risk exposures, and their code of conduct.

  3. Change Management

    MAS proposes that FIs establish robust change management processes to identify and assess material incremental operational risks arising from planned changes in their operations, including relevant policies, standards, and procedures for approving changes.

  4. Oversight of Branches and Subsidiaries

    FIs with branches or subsidiaries that are subject to consolidated supervision by MAS, or that are owners of critical information infrastructure (as defined in the Cybersecurity Act 2018), are expected to consider the operational risk of those branches and subsidiaries – including those located outside Singapore – on their consolidated operations. Such FIs should ensure that the updated ORMG are observed by their branches and subsidiaries through the application of an ORM framework that is consistent with the updated ORMG.

The consultation paper on the proposed updated ORMG is available here.


 

Disclaimer

Rajah & Tann Asia is a network of member firms with local legal practices in Cambodia, Indonesia, Lao PDR, Malaysia, Myanmar, the Philippines, Singapore, Thailand and Vietnam. Our Asian network also includes our regional office in China as well as regional desks focused on Brunei, Japan and South Asia. Member firms are independently constituted and regulated in accordance with relevant local requirements.

The contents of this publication are owned by Rajah & Tann Asia together with each of its member firms and are subject to all relevant protection (including but not limited to copyright protection) under the laws of each of the countries where the member firm operates and, through international treaties, other countries. No part of this publication may be reproduced, licensed, sold, published, transmitted, modified, adapted, publicly displayed, broadcast (including storage in any medium by electronic means whether or not transiently for any purpose save as permitted herein) without the prior written permission of Rajah & Tann Asia or its respective member firms.

Please note also that whilst the information in this publication is correct to the best of our knowledge and belief at the time of writing, it is only intended to provide a general guide to the subject matter and should not be treated as legal advice or a substitute for specific professional advice for any particular course of action as such information may not suit your specific business and operational requirements. You should seek legal advice for your specific situation. In addition, the information in this publication does not create any relationship, whether legally binding or otherwise. Rajah & Tann Asia and its member firms do not accept, and fully disclaim, responsibility for any loss or damage which may result from accessing or relying on the information in this publication.
