The Monetary Authority of Singapore (“MAS”) announced material changes to its surveys and submissions:

  • MASNET will be decommissioned in 4Q2025. The MAS will migrate circulars and announcements, as well as templates and user guides, to MAS-Tx. In October, access to the Misconduct Report System (MRS) and the Corporations and Representative System (CoRE) will be shifted to MAS-Tx. In November, the eReturns Submission and Reporting System will follow. You can find more information in the MAS’ circular issued on 1 August 2025. The MAS will publish further information over this quarter.
  • Instead of the annual Fund Management Risk Assessment Questionnaire, the MAS will request a quarterly data questionnaire. The MAS will explain this change, give details on a new web-based reporting platform, and outline its planned reporting initiatives over the next two years in a webinar on 26 August 2025. Invitations were sent out by email. We strongly recommend that you attend this webinar.

Financial institutions, including external asset managers (“EAMs”), should prepare themselves well for these changes. As recently as the beginning of June, the MAS revoked a licence, inter alia because the company failed to submit regular returns and missed notifications (Revocation of the capital markets services licence of Xen Capital Asia Pte. Ltd. and reprimand of its executive director).

The MAS also emphasised the security of access to IT systems. The MAS expects all financial institutions to secure their customers’ access to online financial services with two-factor authentication (“2FA”). All financial institutions offering their customers access to systems online must ensure that 2FA is implemented as soon as possible, at the latest by 12 September 2025. (FAQs on Two-Factor Authentication for Online Financial Services Platforms)

On a similar note, the MAS recently advised that all financial institutions are to stop the use of full or partial NRIC numbers to authenticate a person as soon as possible, at the latest by 30 June 2026. Generally, financial institutions should not use easily obtainable personal data as default passwords on a standalone basis. Easily obtainable personal data include, but are not limited to, names, NRIC numbers, birthdates, phone numbers and addresses/postal codes. (Circular on Stopping the Use of NRIC Numbers for Authentication in the Financial Sector [CMG 04/2025]).