Global Trustee and Fiduciary Services Bite-Sized Issue 4 2026

12 QUICK LINKS CMU CONDUCT CRYPTO ASSETS EMIR FINTECH FUND LIQUIDITY IOSCO OPERATIONAL RESILIENCE SUSTAINABLE FINANCE/ESG T+1 ASIA EUROPE LUXEMBOURG NORTH AMERICA UNITED KINGDOM Global Trustee and Fiduciary Services Bite-Sized | Issue 4 | 2026 MAS Consults on Proposed Guidelines on Third-party Risk Management and Updated Guidelines on Operational Risk Management On 6 March 2026, the Monetary Authority of Singapore (MAS) launched two consultations. A consultation on proposed guidelines on third-party risk management, along with updated Guidelines on Operational risk Management (ORMG). The proposed guidelines on Third-party Risk Management set out the MAS’ supervisory expectations of financial institutions’ (FIs’) use of third-party services and incorporate key elements from the Basel Committee on Banking Supervision’s Principles for the Sound Management of Third-Party Risk (published in December 2025) and the Financial Stability Board’s Final Report on Enhancing Third-Party Risk Management and Oversight – A Toolkit for Financial Institutions and Financial Authorities (published in December 2023). Amongst other things, the MAS is seeking comments on the following: • The proportional implementation of the proposed guidelines – FIs are expected to implement the requirements set out in the guidelines in a manner proportionate to their size, complexity, and the nature and materiality of the third-party services they use; • The expectations applicable to an FI with a branch or subsidiary that is either (a) subject to consolidated supervision by the MAS or (b) an owner of critical information infrastructure. The MAS said the proposed guidelines are intended to supersede the Guidelines on Outsourcing (Banks) and Guidelines on Outsourcing (Financial Institutions other than Banks) and expand the application of the relevant expectations currently imposed on outsourced services to all third- party services. The MAS proposes that the guidelines will take effect six months from the date of issuance to provide FIs a transition period to make the necessary arrangements, including to update third- party service agreements, to meet the expectations set out under the proposed guidelines. Pending the issuance of the final guidelines, the MAS expects FIs to manage the operational, technology and cyber risks associated with their third-party arrangements, such as by re- performing risk evaluations when there is a significant change or incident that affects the risk posture of the service provider. FIs are also expected to establish robust business continuity measures and effective incident response mechanisms to minimise service disruptions caused by service provider-related incidents. Comments on the consultation are due by 20 April 2026. As regards the MAS Consultation on Updated Guidelines on Operational Risk Management The MAS said that the updated ORMG sets out its supervisory expectations for effective operational risk management practices by FIs, and incorporates key elements of the revised principles for the sound management of operational risk published by the Basel Committee on Banking Supervision in April 2023. The MAS proposes a transition period of six months from the issuance of the updated ORMG for FIs to comply with the expectations set out in them. The updated ORMG will supersede the Guidelines on Risk Management Practices – Operational Risk published in March 2013. Comments are due by 20 April 2026 . Link to MAS Homepage here