Introduction

In a digital asset market that runs around the clock, institutional credibility depends on infrastructure that stays available and recovers quickly. Technology and operational risks are now firmly on the board agenda, and the Monetary Authority of Singapore expects firms to demonstrate that critical systems are reliable, secure, and recoverable.

We partner with payment institutions, fintechs, and digital asset service providers to assess technology architecture and operational workflows, address single points of failure across systems, custody arrangements, and third-party dependencies, and implement robust safeguards that strengthen security, operational resilience and stakeholder confidence. 

Regulatory expectations for the use of artificial intelligence are also developing. We help financial institutions, fintechs and digital asset businesses establish clear accountability, robust controls and effective oversight over AI, so they can demonstrate responsible use to boards, regulators and other stakeholders. 

Our solutions

How we help

  • Technology and Cybersecurity Risk Management:Assessment of Cyber Hygiene, Technology Risk Management (TRM), Outsourcing and Business Continuity Management (BCM) controls in accordance with MAS guidelines.
  • AI Governance: Assessment and strengthening of AI governance frameworks across model risk, third-party providers and agentic AI, covering AI use in transaction monitoring, payments, custody and trading. Our approach integrates regulatory requirements, technology risk, data governance and internal control considerations to help you identify gaps, evidence compliance and demonstrate responsible AI use. 
  • Cybersecurity Assessments: Wallet security reviews, smart contract audits, and secure key management, including cold and hot wallet segregation and multi-signature controls.
  • Smart Contract Review and Testing: Review and testing of smart contract logic across the development lifecycle, including design, coding, implementation, and validation, drawing on methodologies developed across the RSM network.
  • Operational Control Architecture: Establishment of standard operating procedures for clearing, settlement, and reconciliation, and oversight of external custodians, liquidity providers, and other third-party service providers.
  • Incident Response Planning: Tailored response plans and playbooks for key scenarios such as ransomware, data breaches, key compromise, and insider threats.
  • Business Continuity Planning (BCP) and IT Resilience: Design, review and testing of Business Continuity and Disaster Recovery Plans, and review of IT resilience practices to restore critical functions and minimise operational disruption.
  • Continuous Improvement and Plan Optimisation: Regular review and refinement of resilience and continuity plans based on evolving threats, lessons learnt, and business changes.
  • Digital Forensics and Incident Response: Investigation of cyber incidents to identify root causes, assess impact, preserve digital audit trails, and support breach notification and regulatory reporting obligations. 

Learn more about our related Technology Consulting.

Frequently Asked Questions 

A technology risk review against MAS TRM and BCM expectations is a practical starting point. It gives you a clear view of your technology environment, custody arrangements and third-party dependencies, helping you prioritise the areas that require attention.  

Yes. We work alongside your internal teams and external providers, reviewing how responsibilities and controls are shared while helping you strengthen oversight of outsourced and cloud-based environments. 

Yes. We can carry out a one-time assessment ahead of a licence application or MAS inspection, and also support the ongoing monitoring, testing, and enhancement of your resilience and business continuity plans as your operations evolve. 

We review smart contract logic across its development lifecycle, from design and coding to testing, implementation, and validation, to help identify risks associated with automated, on-chain execution. Our approach draws on review methodologies developed across the RSM International network. 

We help you respond and recover through tailored incident response plans and playbooks. Our digital forensics specialists can investigate root causes, preserve digital evidence and audit trails, and support breach notification and regulatory reporting obligations where required. 

Our specialists

Associate Director

Contact us

Complete this form and an RSM representative will be in touch.