Argomi User Guide to MAS Outsourcing Regulations in Singapore

Similar documents
Sarbanes-Oxley Compliance Kit

ABS GUIDELINES ON CONTROL OBJECTIVES & PROCEDURES FOR OUTSOURCED SERVICE PROVIDERS. FREQUENTLY ASKED QUESTIONS 15 June 2017.

RISK MANAGEMENT REPORT

Smart decisions. Lasting value.tm

LI & FUNG LIMITED ANNUAL REPORT 2016

How to Stand Up a Privacy Program: Privacy in a Box

A robust and systematic review.

SUPPLIER CODE OF CONDUCT

Further excellence. Freedom of association. How can you enhance social responsibility within your supply chain? Social responsibility Audit solutions

Risk Advisory Services Developing your organisation s governance for competitive advantage

CORPORATE GOVERNANCE King III - Compliance with Principles Assessment Year ending 31 December 2015

Advanced Audit Techniques

MANAGING RISK AT SUNCORP

Transparency in the digital age: companies should talk about their cyber security

Oversight by Board, Risk Management & Audit Committee (RMAC) and other committees. Second line of defense

Acquiring Cloud Services A Contracting Officer s perspective

Singapore Annual Public Disclosure Report

Aconex for Government. Servicing Projects with High Compliance Requirements

IBM System Storage. IBM Information Archive: The next-generation information retention solution

REBOSIS PROPERTY FUND LIMITED AUDIT AND RISK COMMITTEE TERMS OF REFERENCE

IBM Data Security Services for activity compliance monitoring and reporting log analysis management

Heightened standards for compliance risk management. Lines of defense compliance s role

Certificate in Internal Audit IV

APPLICATION OF THE KING IV TM PRINCIPLES

THE ARCG CHARTER. Issued in March 2008

TREATING CUSTOMERS FAIRLY INTERNAL POLICY

B U S I N E S S R I S K M A N A G E M E N T L T D

Date: INFORMATION GOVERNANCE POLICY

Family Office and Concierge Services

AN INNOVATIVE PARTNER FOR BROKER DEALERS. Powerful technology with dedicated client service

Risk Oversight and Management

Implementing Sound CASS Governance

Third Party Governance and Risk Management

RSA ARCHER IT & SECURITY RISK MANAGEMENT

King IV Application Register

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

Information governance for the real world

Governance Institute of Australia Ltd

Are you ready for IFRS 9? Structured, assured, cost effective IFRS 9 compliance solutions from Sopra Steria

Making Payroll Pay. Access the true value of your payroll. 89% of employers expect international mobility to increase 89% March 2017

Knowledge Management within ITSM

OPERATIONS AND TECHNOLOGY MANAGED SERVICES

SECTION 18. INFORMATION TECHNOLOGY AND COMMUNICATION SYSTEMS RECORDS

White Paper Integrating Duck Creek Technologies with ECM. Reducing complexity for the commercial insurance carrier

RISK MANAGEMENT POLICY AND PROCEDURES AD-P009

peace of mind kit FAQ s Q: Is AccuPay bonded?

Internal audit effectiveness reviews. Working in partnership to help you enhance the quality and effectiveness of your internal audit function

Pool Data: 2/18/2018. Best Practices and Practical Considerations. Do you have the Moneyball Mindset at your pool?

Corporate Governance Principles 2015

ADVANCING FROM RIM TO IG BEYOND YOUR PROJECT PLAN

ANTI-MONEY LAUNDERING SERVICES EXPERTS WITH IMPACT

WORKING WITH THIRD PARTIES POLICY POLICY ADOPTED MARCH 2015, REVISED FEBRUARY 2017

Certified Regional Partner Program Overview

Certificate in Enterprise Risk Management

Data Protection Policy

Certificate in Internal Audit 3. Advanced Audit Techniques

OneShield Enterprise Solutions: OneShield Claims. Simplify and automate every stage of your claim lifecycle

Charles River Software as a Service (SaaS)

Accelerate GDPR compliance with the Microsoft Cloud Henrik Mønsted

Ensuring Organizational & Enterprise Resiliency with Third Parties

Corporate Counsel Session 2

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2016

SHOPRITE HOLDINGS LTD. King III Reporting in terms of the JSE Listings Requirements

Guidance Note: Corporate Governance - Audit Committee. March Ce document est aussi disponible en français.

PRINCIPLES OF KING IV AND DISCLOSURE REQUIREMENTS

Guidance Note: Corporate Governance - Audit Committee. January Ce document est aussi disponible en français.

Facilities Controller Job Description

The U.S. Occupational Safety and Health

Risk Management For and By the BOT. Secured BOT Series

CORPORATE GOVERNANCE King III - Compliance with Principles Assessment Year ending 31 December 2016

International Governance Decisions

Enterprise Risk Management

Why Is Third Party Risk Management Important?

Corporate Governance Statement

Advanced Audit Techniques

TOYOTA FINANCIAL SERVICES (SOUTH AFRICA) LIMITED

PREDICTIVE INTELLIGENCE SECURITY, PRIVACY, AND ARCHITECTURE

Best Practices: Vendor Risk Questionnaires PROCESSUNITY WEBINAR SERIES

Recommendation: Directory Services Architecture and Future IAM Governance Model

JOB DESCRIPTION. Nadi Head Of ICT As follows

THE PRIVATE EQUITY CFO S GUIDE TO FUND PERFORMANCE ANALYTICS

Defining and promoting excellence in the provision of mobile money services

COCA-COLA HELLENIC BOTTLING COMPANY RISK MANAGEMENT POLICY

I D C T E C H N O L O G Y S P O T L I G H T

Portfolio Management. A fully integrated portfolio management and reporting solution

SUMMARY OF KING IV PRINCIPAL DISCLOSURES. Leadership, ethics and corporate citizenship

Singapore s regulatory sandbox new consultation

Atlant s atwatch CAPA TM. Corrective and Preventive Action System (CAPA) Product & Services Bundle for

Self Assessment Workbook

Governance Spotlight: Compliance Management Systems 10 Steps to Compliance Management Best Practice

Morasey Capability Statement. Capability Statement IENVIRONMENT ISAFETY IPROPERTY RISK MORASEY MORASEY MORASEY. Page 1

Ready for GDPR? Five steps to turn compliance into your advantage

US Business Continuity Safeguarding Your Business from a Disaster

Going beyond PwC s Certification and Compliance services

ISO Sustainability Policy

UK STEWARDSHIP CODE RESPONSE BY GENERATION INVESTMENT MANAGEMENT LLP OCTOBER 2016

Financial Services Internal Audit insights. Effective Internal Audit RAISING THE BAR. May 2014

Internal Audit Department 350 South 5 th Street, Suite 302 Minneapolis, MN (612)

Learning & Development Manager, Global investment bank

Managing the Business Associate Relationship: From Onboarding to Breaches. March 27, 2016

Transcription:

Argomi User Guide to MAS Outsourcing Regulations in Singapore September 2017 Aarti Sreenivas & Ned Lowe

Contents Page 1. Introduction 2. A Fresh Take on Compliance 3. Argomi & AWS 4. MAS Outsourcing Guidelines Page 1

I. Introduction Regulators worldwide recognise the monetary and operational benefits outsourcing brings to financial institutions. Nevertheless, they are also aware of its risks and place a direct responsibility on financial institutions to uphold stringent outsourcing standards. At Argomi, we recognise how crucial risk management is to your business. Your trust is important to us; which is why we have prepared this document to illustrate how we work with our clients to mitigate reputational, compliance and operational risks that may arise from an outsourcing arrangement. For this purpose, we have relied on the MAS Outsourcing Guidelines as a benchmark. 1 This whitepaper evaluates MAS s Outsourcing Guidelines to Argomi s current processes. II. A Fresh Take on Compliance Argomi s mission is to eliminate data fragmentation across the financial industry. The problem of data fragmentation is especially rife across compliance departments, where data is often stored manually across different files and excel spreadsheets that are not secure. Furthermore, data governance has been an area of focus for regulators since the Global Financial Crisis and firms are increasingly pressured to furnish digital copies of files and records upon request. ediscovery is increasingly common and in such cases, firms must assure that information is able to be searched and retrieved in a timely manner. Yet, most asset managers are struggling to keep abreast of these fast-moving requirements and fail to solidify their compliance framework in a technologically sound manner. This is where Argomi wants to make a difference. Argom i incorporates cutting-edge technology to support audit trails which include timestamps and user-modification traceability. Our cloud based system automatically provides financial institutions the ease of data management without the cost and operational challenges of physical servers. Please see argomi.com for more information. 1 MAS Outsourcing Guidelines ( http://www.mas.gov.sg/~/media/mas/regulations%20and%20financial%20stability/regulatory%20and %20Supervisory%20Framework/Risk%20Management/Outsourcing%20Guidelines_Jul%202016.pdf ) Page 2

III. AWS & Argomi The Argomi platform sits on top of Amazon Web Services (AWS) and heavily leverages the huge amount of experience and platform maturity that they have built up over the years. Argomi has teamed with AWS to ensure that Argomi is following best practices and is engineered to be as secure and compliant as possible. Argomi uses a safe and secure database in the cloud, built on the infrastructure provided by Amazon Web Services. The AWS Cloud operates 44 Availability Zones within 16 geographic regions around the world and is used by a number of established institutions including DBS, Land Transport Authority of Singapore, Morningstar, Netflix, Capital One, Financial Institutions Investment Authority (FINRA) and others. In Singapore, AWS has a dedicated team with security experts who focus on compliance for Financial Institutions. A number of Argomi s compliance practices rests on AWS platform. This includes strong: Security and internal controls audit coverage Reporting and monitoring, Disaster recovery arrangements Cyber-security monitoring and recoverability measures. In addition, AWS has a suite of assurance programs and has obtained certifications and independent third-party attestations including ISO 27001, ISO 27017, ISO 27018, ISO 9001 and MTCS Level 3, amongst others. These AWS frameworks assure Argomi that our infrastructure rests on a secure and compliant network that takes our client s data needs seriously. Page 3

IV. Outsourcing Guidelines - MAS Section 5.4.3 of MAS s guidelines offers Financial Institutions a due diligence checklist to evaluate service providers. Argomi is keen to be proactive in supporting our clients to mitigate reputational, operational and compliance risks and to provide assurance to clients that Argomi is a trusted partner. MAS Guidelines Experience and capability to implement and support the outsourcing arrangement over the contracted period; Argomi s Response Argomi is built by a team that has deep knowledge of the finance industry. Our team is led by Ned Lowe (Chief Executive Officer), who has 12 years of experience at Bank of America Merrill Lynch and Chang Yoong Pin (Chief Product Officer) who has more than 20 years of experience across JL Capital, Temasek and Monetary Authority of Singapore. Both Ned and Pin are well supported by a technology and business team who have the experience and capability to lead Argomi. We use Amazon Web Service (AWS) for cloud computing and data storage. The fact that clients like DBS Bank also use AWS is a good indicator that AWS is well respected across leading financial institutions in Singapore and the broader region. Financial strength and resources (the due diligence should be similar to a credit assessment of the viability of the service provider based on reviews of business strategy and goals, audited financial statements, the strength of commitment of major equity sponsors and ability to service commitments even under adverse conditions); Corporate governance, business reputation and culture, compliance, and pending or potential litigation; Argomi is currently funded by our Co-Founder, Tim Loh - a partner at JL Capital Pte Ltd, a Singapore Licensed Fund Management Company. Argomi has robust internal corporate governance systems, which have been implemented across all departments. Our Chief Compliance Officer and CEO conduct regular checks to ensure that there are no breaches to our Internal Protocols. Argomi s culture is built on integrity and employees are mandated to read and adhere to Argomi s Code of Ethics and Business Conduct. Argomi has no pending or potential litigation. Security and internal controls, audit coverage, reporting and monitoring environment; Ned Lowe (CEO), Chang Yoong Pin (CPO) and Roland Santos (Lead Developer) are responsible for coordinating, developing, implementing and maintaining an organisation wide information Page 4

security program. This process requires management to identify risks within its areas of responsibility and to implement appropriate measures designed to address those risks. Argomi staff attend security-related training programs. For more details please review Argomi s Internal Security Access Policy. Argomi plans to have formal IT audit program in due course and re-evaluates this security program at least biannually. In addition, our server provider, AWS has established a formal audit program that includes continual, independent internal and external assessments to validate the implementation and operating effectiveness of the AWS control environment. Risk management framework and capabilities, including technology risk management and business continuity management in respect of the outsourcing arrangement; Disaster recovery arrangements and disaster recovery track record; Argomi has developed a strategic business plan, which includes risk identification and implementation of controls to manage risks. Argomi s management re-evaluates the strategic business plan at least biannually. Management identifies risks within its areas of responsibility and implements appropriate measures designed to address those risks. Argomi has developed disaster recovery processes for multiple severity levels and has an internal call tree which alerts all staff in an expedited manner. For more details, please read Argomi s Crisis Management Guide. Furthermore, leveraging AWS Disaster Recovery track record, Argomi s users enjoy some of the most robust disaster recovery arrangements in place. Argomi has configured multiple availability zones on AWS system which means Argomi uses Availability Zones at distinct locations that are engineered to be insulated from each other. Reliance on and success in dealing with sub-contractors; Argomi does not have sub-contractors. Insurance coverage; Argomi does not currently have a business insurance coverage However Argomi s platform relies on AWS, which maintains appropriate insurance, including Commercial General Liability insurance with limits of not less than $1,000,000 per occurrence and $5,000,000 general aggregate, and (b) Page 5

Crime/Employee Dishonesty insurance with limits of not less than $500,000 per claim. External environment (such as the political, economic, social and legal environment of the jurisdiction in which the service provider operates); and ability to comply with applicable laws and regulations and track record in relation to its compliance with applicable laws and regulations. Argomi operates out of the Republic of Singapore, which maintains a Aaa rating from Moody s for its political, economic, social and legal environment. Argomi works to comply with applicable international and local laws, statutes, ordinances, and regulations concerning security, privacy and data protection of Argomi's services in order to minimize the risk of accidental or unauthorized access or disclosure of customer content. Page 6

Further Reading In addition to this whitepaper, Argomi has a suite of other compliance documents. The purpose of this kit is threefold: 1. Provide users a thorough understanding of Argomi s security systems 2. Simplify a user s due diligence process 3. Act as a communication channel for the wider compliance and IT security community To gain more clarity on our compliance frameworks and how they affect financial institutions, please review: 1. Argomi Technology Risk Management Policy 2. Argomi Whitepaper ABS Cloud Computing Implementation Guide 3. Argomi Internal Access Policy 4. Argomi Business Continuity and Disaster Recovery 5. Argomi Crisis Management For further queries please approach our team at info@argomi.com. Document Revisions Date September 2017 Description First Publication Page 7

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback