IR Hotline Numbers:

+44 20 3318 1470
+60 154 877 0076
+61 2 7908 1745
+65 3165 8788
caution icon

Experienced a breach? Reach us now

company logo

Compliance and Cyber Risk Assessment

Technical Review on Third-party Risks for Insurer

Technical Review on Third-party Risks for Insurer

The Background

MSIG Insurance is one of Asia's leading general insurers, with a solid presence in Singapore. As large insurer, MSIG is subjected to regulators guidelines in multiple countries including Hong Kong Monetary Authority Technology Risk Regulations and Monetary Authority of Singapore Technology Risk Management guidelines and Outsourcing guidelines and the risks associated with using the outsourced service providers. Pursuant to the guidelines, MSIG is required to perform an assessment on there internal operations and their third party service providers.

The Process

As a result, MSIG has requested Pragma to assess the security and control environment at several service providers and to report on the observations and associated risks for the services provided.

The scope of service for MSIG includes a security testing on their mobile application, backend server and web application, assessment of policies, procedures and process, architecture of third-party services and operational procedures that support MSIG. The assessment began with a thorough technical review of people, process, and technology, followed by a detailed report to illustrate the issues.

In total, we evaluated over 100 service providers and assessed the priority one material outsourced vendors against the HKMA Risk Management and Outsourcing guidelines, and MAS TRM guidelines and Outsourcing.

The Result

The recommendation we produced helped MSIG understand the risks of their service providers, and allowed them to mitigate many of these risks through our recommendations and solutions. MSIG successfully reported the closure of the issue to the regulatory and are now important insurance company that the regulatory looks to for exemplary risk management.


Third-party Risks
Regulatory Guidelines
MSIG Insurance
Hong Kong Monetary Authority
Technology Risk Regulations
Monetary Authority of Singapore
Technology Risk Management
Outsourcing Guidelines
Security Testing
Mobile Application
Backend Server
Web Application
Policies and Procedures
Operational Procedures
Risk Mitigation
Risk Management
Compliance Reporting
Exemplary Risk Management
Insurance Company

Join the Pragma Community Today



Cyber Advisory

Technology Risk

Compliance, Conduct, and Regulatory Risk

IT Audit


Pragma Logo

Terms & conditions

Privacy Policy