Featured Case Study:
DigiFinex MAS TRM Gap Assessment with Privasec

A gap assessment by Privasec as an independent party to Review DigiFinex cyber security posture against the MAS TRM Guidelines

DigiFinex is a global digital assets trading platform that provides users access to facilities enabling them to trade in cryptocurrencies. it has global presence, which makes it the preferred trading platform for more than 4 million users across the globe.

Managing Cyber Risks

As reported by Boston Consulting Group, businesses in banking and financial institutes are 300 times more at risk of cyber attack than other companies. 

DigiFinex recognises  the importance of proactive compliance to ensure a robust cybersecurity posture as they are exposed to wide range of technology risks including cyber risks. Furthermore, as an applicant under the Payment Services Act as a Digital Payment Token (DPT) Service Provider, DigiFinex is expected to comply with the Monetary Authority of Singapore (MAS) requirements like Cyber Hygiene Notice and Technological Risk Management (TRM) guidelines. 

Hence, DigiFinex has decided to partner with Privasec, as a third-party assessor to conduct an engagement of MAS TRM Gap Assessment to review their cybersecurity posture against the MAS guidelines. 

The Monetary Authority of Singapore (MAS) Technology Risk Management (TRM) Guidelines is a set of risk management principles and best practices standards to guide Financial Institutions (FIs) in managing technology risk. It was created to help FIs establish sound and robust technology risk governance and oversight, as well as maintain IT and cyber resilience.

The revised 2021 Technology Risk Management Guidelines (2021 Guidelines) was introduced 8 years after the last major release in 2013. This comes after a series of cyber attacks and data breaches such as the WannaCry Ransomware attack in 2017, SingHealth data breach in 2018, HIV data leak in 2019 and the most recent SolarWinds cyber attack in 2020.

The 2021 Guidelines provides additional guidance on how FIs can better manage technology and cyber risks in an environment of growing reliance of technology in business operations.

the results

DigiFinex was able to effectively improve its security posture by having an independent party test and assess the robustness of its underpinning technology operation processes. Privasec also created a bespoke roadmap identifying potential gaps and areas of improvement to its technological governance processes.

Privasec has extensive experience in cybersecurity. Coupled with their ability to conduct efficient fieldwork on our business processes, they have demonstrated remarkable acumen to learn, understand and identify the various vulnerabilities in our business.
They have efficiently performed an analysis of these gaps and proposed effective governance processes and solutions to suitably and practically meet the challenges of these vulnerabilities

Jonathan Cheong, Chief Legal and Compliance Officer of DigiFinex

Our Credentials

Want to Become ISO 27001 Certified?

Get on your way to obtain the IEC 27001 certification today. Just contact a Privasec consultant to get a detailed understanding of the Plan-Do-Check-Act ISMS cycle.

Scroll to Top