Background

On 11 June 2025, the Monetary Authority of Singapore (MAS) released updated FAQs that strengthen expectations around Two-Factor Authentication (2FA) for financial institutions.

The revised guidance expands the scope from online trading platforms to all online financial services platforms, including fund management and capital markets product trading. Unlike the previous approach where customers could opt out with acknowledgement, 2FA is now mandatory and users without it will be blocked from accessing services after the implementation date.

Key clarifications include:

• Exemptions are applicable to institutional investors using direct market access or broker-assisted platforms such as Bloomberg or FIX.
• Proactive customer education on the risks of single-factor authentication.
• Enhanced cyber threat detection systems to detect unusual activities in the online platforms.
• The new implementation deadline is set for 12 September 2025

This update reflects MAS’s broader push for stronger digital security across the financial sector, reinforcing its commitment to safeguarding customer accounts against increasing cyber threats.

What’s Next?

Management should assess current authentication practices, confirm any applicable exemptions, and ensure 2FA is implemented across all online platforms ahead of the 12 September 2025 deadline. Customers should be updated immediately.

How Can We Help?

We support financial institutions by:

• Reviewing 2FA implementation and customer access protocols,
• Strengthening cyber risk monitoring,
• Preparing staff and customer communications for rollout.

Contact Us today to discuss how we can provide the risk and compliance advisory solutions for you. Find out more here.