Singapore launched our first Singapore Cybersecurity Strategy in 2016 (‘Strategy 2016’), which helped lay the foundations of our cybersecurity efforts today. As our strategic and technological environment has changed significantly over the past five years, we have reviewed and refreshed our cybersecurity strategy to address new and emerging cyber-threats.

With a robust cybersecurity workforce and a vibrant cybersecurity ecosystem as key enablers, the Singapore Cybersecurity Strategy 2021 (‘Strategy 2021’) lays out our plans to strengthen the security and resilience of our digital infrastructure and enable a safer cyberspace to support our digital way of life. It also articulates how Singapore could play an outsized role in the digital domain despite being a small country, to support an open, secure, stable, accessible, peaceful, and interoperable cyberspace.

Click to download

The long-expected and widely-concerned Personal Information Protection Law of the People’s Republic of China (“PIPL”) was adopted on 20 August 2021, at the 30th Session of the Standing Committee of the 13th National People’s Congress.

As a basic law for personal information protection in China, the PIPL clarifies the rules for processing personal information, the obligations of personal information handlers (and processors), and the rights of personal information subjects. Notably, the PIPL provides serious punishment for violations of this law, which includes a fine of up to CNY 50 million (about USD 7,690,000) or 5% of annual turnover of the previous year.
The PIPL will come into effect as of 1 November 2021. During the grace period, organizations operating in China and those established outside China but having to be subject to the extraterritorial effect of the PIPL, are suggested to carry out data compliance work in accordance with the PIPL to get prepared for the upcoming law.

This Guide aims to highlight the main principles and provisions under the PIPL. It is intended to be used by organizations as an aid to find gaps in compliance and take possible steps required in practice

Each section of this Guide describes an important rule or requirement under the PIPL. We also provide “Actions” suggested to be considered and/or adopted for ensuring compliance. Please note that the relevant supporting rules and regulations of the PIPL are expected to be promulgated and implemented accordingly, which is advisable to be paid close attention to. Also, other relevant laws and regulations, as well as department rules shall be taken into consideration when assessing compliance.

Click to download

The purpose of risk management is to ensure levels of risk and uncertainty are identified and then properly managed in a structured way, so any potential threat to the delivery of outputs (level of resourcing, time, cost and quality) and the realisation of outcomes/benefits by the Business Owner(s) is appropriately managed to ensure the project is completed successfully.

(more…)

Digital payments are growing at an estimated 12.7% annually, and are forecast to reach 726 billion transactions annually by 2020. By 2022, an estimated 60% of world GDP will be digitalised. For the FATF, the growth in digital financial transactions requires a better understanding of how individuals are being identified and verified in the world of digital financial services. Digital identity (ID) technologies are evolving rapidly, giving rise to a variety of digital ID systems.

(more…)

The Financial Action Task Force (FATF) is an independent inter-governmental body that develops and promotes proliferation of weapons of mass destruction. The FATF Recommendations are recognised as the global anti-money laundering (AML) and counter-terrorist financing (CFT) standard.

(more…)