Free Sample · No Credit Card

See a Real MAS Obligation Register, Free.

Thirty real obligations across all three MAS instruments, in all three formats. Every field of the full product, so you can judge the depth, the citations, and the parsing for yourself.

  • 30 real obligations across TRM, Cyber Hygiene, and Outsourcing
  • Byte-exact verbatim and a legal citation on every record
  • The full 46-field schema, nothing stripped out
  • ProfytAI Regulatory Intelligence on every record
  • JSON for pipelines and RAG, CSV for Excel and BI
  • All 30 evidence captures, previewing the Collection

Get the Free Sample

Preview the depth, the citations, and the parsing for yourself. We use your details to follow up and to keep you posted as new jurisdictions go live.

Sample pack zip · 30 obligations · No credit card

Real Records

Six Real Records, in Full.

Real records from the dataset, shown exactly as delivered. The download has thirty like these, across all three instruments.

See the Full 393-Obligation Register
BindingMAS Cyber Hygiene
MAS.CH.2024.Sec4.1.p3.OBL1
Summary

Secure every administrative account against unauthorised access or use.

VerbatimMUST
A relevant entity must ensure that every administrative account in respect of any operating system, database, application, security appliance or network device, is secured to prevent any unauthorised access to or use of such account.

MAS Notice FSM-N06 (Cyber Hygiene), paragraph 4.1, p. 3 (2024)

ActorA relevant entity
ActionEnsure that every administrative account is secured to prevent unauthorised access to or use of the account
ObjectAdministrative accounts on any operating system, database, application, security appliance or network device
Cyber Security Requirements · Administrative Accounts · p.3high severity

Non-compliance with this Notice may attract MAS supervisory and enforcement action; a MAS notice imposes legally binding requirements on the relevant entities.

BindingMAS Outsourcing Notice
MAS.OUT.2023.Sec12.4.p15.OBL1
Summary

Document the customer-information due diligence and provide it to MAS on request.

VerbatimMUST
A bank in Singapore must document the due diligence checks required under paragraphs 12.2 and 12.3 and furnish the documentation to the Authority upon request.

MAS Notice 658 (Outsourced Relevant Services), paragraph 12.4, p. 15 (2023)

ActorA bank in Singapore
ActionDocument the due diligence checks and furnish the documentation to the Authority on request
ObjectDocumentation of customer-information due diligence
Requirements Relating to Outsourced Relevant Services That Involve the Disclosure of Customer Information · p.15high severity

Non-compliance with this Notice may attract MAS supervisory and enforcement action; a MAS notice imposes legally binding requirements on the relevant entities.

GuidanceMAS TRM
MAS.TRM.2021.Sec7.2.1.p23.OBL1
Summary

The FI should implement a configuration management process to maintain accurate information of its hardware and software in order to have visibility and effective control of its IT systems.

VerbatimSHOULD
The FI should implement a configuration management process to maintain accurate information of its hardware and software to have visibility and effective control of its IT systems.

MAS TRM Guidelines, Section 7.2.1, p. 23 (2021)

ActorFI
ActionImplement a configuration management process to maintain accurate hardware and software information
ObjectHardware and software configuration information
IT Service Management · Configuration Management · p.23medium severity

Non-adherence may attract MAS supervisory action; the TRM Guidelines set out the standards MAS expects financial institutions to meet.

GuidanceMAS TRM
MAS.TRM.2021.Sec13.1.1.p45.OBL1
Summary

The FI should establish a process to conduct regular vulnerability assessments on its IT systems to identify security vulnerabilities and ensure risks arising from these gaps are addressed in a timely manner.

VerbatimSHOULD
The FI should establish a process to conduct regular vulnerability assessment (VA) on their IT systems to identify security vulnerabilities and ensure risk arising from these gaps are addressed in a timely manner.

MAS TRM Guidelines, Section 13.1.1, p. 45 (2021)

ActorFI
ActionEstablish a process to conduct regular vulnerability assessments
ObjectIT systems, to identify security vulnerabilities and address the risks in a timely manner
Cyber Security Assessment · Vulnerability Assessment · p.45medium severity

Non-adherence may attract MAS supervisory action; the TRM Guidelines set out the standards MAS expects financial institutions to meet.

GuidanceMAS TRM
MAS.TRM.2021.Sec6.1.1.p19.OBL1
Summary

The FI should adopt standards on secure coding, source code review and application security testing to minimise bugs and vulnerabilities in its software.

VerbatimSHOULD
To minimise the bugs and vulnerabilities in its software, the FI should adopt standards on secure coding, source code review and application security testing.

MAS TRM Guidelines, Section 6.1.1, p. 19 (2021)

ActorFI
ActionAdopt standards on secure coding, source code review, and application security testing
ObjectSecure coding, source code review, and application security testing standards
Software Application Development and Management · Secure Coding, Source Code Review and Application Security Testing · p.19medium severity

Non-adherence may attract MAS supervisory action; the TRM Guidelines set out the standards MAS expects financial institutions to meet.

GuidanceMAS TRM
MAS.TRM.2021.Sec5.7.1.p17.OBL3
Summary

The FI should establish and obtain approval for a test plan before testing begins.

VerbatimSHOULD
A test plan should be established and approved before testing.

MAS TRM Guidelines, Section 5.7.1, p. 17 (2021)

ActorFI
ActionEstablish and obtain approval for a test plan
ObjectTest plan
IT Project Management and Security-by-Design · System Testing and Acceptance · p.17medium severity

Non-adherence may attract MAS supervisory action; the TRM Guidelines set out the standards MAS expects financial institutions to meet.

Each card shows the key fields for readability. Every delivered record carries the complete four-layer schema.

You Have Seen Thirty.
The Register Has 393.

When the sample proves the depth, license the jurisdiction you need. The complete Singapore perimeter, or a single TRM theme to start.

SampleConsultationRegisterPlatformSubscription