IR Hotline Numbers:

+44 20 3318 1470
+60 154 877 0076
+61 2 7908 1745
+65 3165 8788
caution icon

Experienced a breach? Reach us now

company logo

Regulatory Compliance

Providing Assistance to a Fintech to Meet Regulatory Compliance with MAS

Providing Assistance to a Fintech to Meet Regulatory Compliance with MAS

The Background

iSTOX is the first regulated exchange for digitised securities in Asia that is licensed by the Monetary Authority of Singapore (MAS) under the Securities and Futures Act (Cap 289), the company is recognised as a known market operator. iSTOX provides a platform for issuance, settlement, custody, and secondary trading of digitised securities. To offer a regulatory-compliant platform, ICHX seeks to ensure that it achieves a Capital Market Services (CMS) licence and ensure both its application and its operations comply with the MAS Technology Risk Management (TRM) guidelines and Notice and MAS Guidelines on Outsourcing without breaking or offering a sub-standard platform.

The Process

As a result, ICHX requested Pragma to help support in achieving the MAS CMS licence. The scope of service included:

  • Help document 77 policies, procedures, processes
  • Design and test a secure, robust cloud blockchain architecture for their platform.
  • Create and implement policies and procedures that meet the requirements of MAS Technology Risk Management Guidelines and Notice and MAS Guidelines on Outsourcing.
  • Support the training with processes that can be used by internal teams.
  • Perform Penetration and Vulnerability Testing on the platform
  • Perform a secure code review and recommend fixes
  • Meet with regulators to ensure all compliance requirements are met

The Result

Our experts enabled ICHX to obtain the MAS CMS license. We helped them secure their platform's architecture covering the applications design, network infrastructure design and security design of the processes. This was achieved with our AWS and Security Architects.


Regulatory Compliance
MAS (Monetary Authority of Singapore)
Digitised Securities
Capital Market Services (CMS) License
MAS Technology Risk Management Guidelines
MAS Guidelines on Outsourcing
Policies and Procedures
Cloud Blockchain Architecture
Penetration Testing
Vulnerability Testing
Secure Code Review
Compliance Requirements
AWS and Security Architects

Join the Pragma Community Today



Cyber Advisory

Technology Risk

Compliance, Conduct, and Regulatory Risk

IT Audit


Pragma Logo

Terms & conditions

Privacy Policy