Compliance and Cyber Risk Assessment
Technical Review on Third-party Risks for Insurer
MSIG Insurance is one of Asia's leading general insurers, with a solid presence in Singapore. As large insurer, MSIG is subjected to regulators guidelines in multiple countries including Hong Kong Monetary Authority Technology Risk Regulations and Monetary Authority of Singapore Technology Risk Management guidelines and Outsourcing guidelines and the risks associated with using the outsourced service providers. Pursuant to the guidelines, MSIG is required to perform an assessment on there internal operations and their third party service providers.
As a result, MSIG has requested Pragma to assess the security and control environment at several service providers and to report on the observations and associated risks for the services provided.
The scope of service for MSIG includes a security testing on their mobile application, backend server and web application, assessment of policies, procedures and process, architecture of third-party services and operational procedures that support MSIG. The assessment began with a thorough technical review of people, process, and technology, followed by a detailed report to illustrate the issues.
In total, we evaluated over 100 service providers and assessed the priority one material outsourced vendors against the HKMA Risk Management and Outsourcing guidelines, and MAS TRM guidelines and Outsourcing.
The recommendation we produced helped MSIG understand the risks of their service providers, and allowed them to mitigate many of these risks through our recommendations and solutions. MSIG successfully reported the closure of the issue to the regulatory and are now important insurance company that the regulatory looks to for exemplary risk management.