The client provides an asset tokenisation and investment management platform where investors can easily access, invest safely and transparently in asset-backed security tokens.

The client's operations fall under the MAS regulatory requirements. To continue its operations and provide a safe platform for its customers, the Client is required to hold a capital markets services (CMS) licence to conduct activities regulated under the Securities and Futures Act and comply with MAS Technology Risk Management and MAS Notice 655 Cyber Hygiene.

The client required a partner with expertise in technology risk and cybersecurity to support them in achieving the MAS licence.

Given the size and complexity of the project, Pragma worked closely with the client to understand the scope and resources needed. The first scope involved compliance implementation with MAS TRM and MAS Notice 655 Cyber Hygiene. Pragma's team produced and implemented policies, documents and checklists to support the client to be compliant.

Pragma then assisted in reviewing and fulfilling the required MAS CMS licence application forms and liaised with the authorities from the MAS on any queries during the application.

Pragma's security specialists performed penetration tests and vulnerability assessments to ensure the platform was resilient against cyber threats. Pragma also performed a mobile application security testing to identify vulnerabilities and a Source Code Review to identify any vulnerabilities in the application code.