Providing Assistance to a Fintech to Meet Regulatory Compliance with MAS
iSTOX is the first regulated exchange for digitised securities in Asia that is licensed by the Monetary Authority of Singapore (MAS) under the Securities and Futures Act (Cap 289), the company is recognised as a known market operator. iSTOX provides a platform for issuance, settlement, custody, and secondary trading of digitised securities. To offer a regulatory-compliant platform, ICHX seeks to ensure that it achieves a Capital Market Services (CMS) licence and ensure both its application and its operations comply with the MAS Technology Risk Management (TRM) guidelines and Notice and MAS Guidelines on Outsourcing without breaking or offering a sub-standard platform.
As a result, ICHX requested Pragma to help support in achieving the MAS CMS licence. The scope of service included:
- Help document 77 policies, procedures, processes
- Design and test a secure, robust cloud blockchain architecture for their platform.
- Create and implement policies and procedures that meet the requirements of MAS Technology Risk Management Guidelines and Notice and MAS Guidelines on Outsourcing.
- Support the training with processes that can be used by internal teams.
- Perform Penetration and Vulnerability Testing on the platform
- Perform a secure code review and recommend fixes
- Meet with regulators to ensure all compliance requirements are met
Our experts enabled ICHX to obtain the MAS CMS license. We helped them secure their platform's architecture covering the applications design, network infrastructure design and security design of the processes. This was achieved with our AWS and Security Architects.