MAS-Aligned Compliance & Regulatory Standards
Skandage Technologies' robust compliance measures align with the highest industry standards, ensuring your information is protected and your clients' trust is earned. Below is a detailed breakdown of how Skandage Technologies meets key requirements set by the Monetary Authority of Singapore (MAS) and applicable standards.
1. Data Protection & Privacy
Personal Data Protection Act (PDPA)
Skandage Technologies complies strictly with the PDPA by implementing secure policies and procedures for the proper collection, use, and disclosure of personal data. Regular training ensures all employees understand their obligations under the PDPA framework.
User Client Consent
Skandage Technologies provides built-in consent collection tools — integrated directly into our Coverage Gap Calculators and Contact Forms — so consultants can securely collect specific, explicit consent to receive communications and have their data stored on the system.
Notification at Point of Collection
Individuals are notified of the purpose for which their personal data is collected, used, or disclosed — handled seamlessly at point of collection via automated consent tools and disclaimer footers.
Confidentiality Agreements
All employees and third-party vendors sign strict confidentiality agreements. Access to sensitive platform data is restricted based on absolute necessity and role responsibilities.
Purpose Limitation
Personal data is collected and used only for purposes that a reasonable person would consider appropriate and to which the individual has explicitly consented.
Access & Correction Rights
Users can update and correct their information at any time via their agent dashboard. User clients can also request to access or correct their personal data upon request.
Bank-Grade Protection
Implemented bank-grade security including proprietary Zero-Knowledge Architecture (Fernet Encryption) for client lead data, strict OTP/Passkey 2FA, and secure consent tools, alongside rigorous internal policies.
Retention & Transfer Limitation
Personal data is retained only for as long as necessary for business or legal purposes and can be permanently wiped at the user's request. All data remains within Singapore — it is neither shared with nor stored in any other country.
2. Cybersecurity
Skandage adheres to MAS guidelines — including the MAS Notice on Cyber Hygiene — by conducting regular security audits, applying patches promptly, and enforcing strong authentication methods.
Cyber Hygiene & Cybersecurity Act Compliance
A comprehensive cybersecurity framework is in place, including incident response plans, continuous monitoring, and regular security assessments. Significant incidents are always documented and reported to MAS as required.
OTP / 2FA & Passkey Authentication
An advanced One Time Password (OTP) and biometric WebAuthn Passkey system entirely prevents unauthorized third-party dashboard logins, satisfying MAS requirements for multi-factor authentication (MFA).
Cybersecurity Track Record — ZERO INCIDENTS
To date, Skandage Technologies has had zero cybersecurity incidents or breaches. Our proactive, layered security model is designed to maintain this record.
3. Risk Management
Operational Risk Management
Skandage Technologies operates a LOW RISK operational program, complemented by regular risk assessments, internal controls, and monitoring mechanisms to manage and mitigate operational SaaS risks.
Third-Party Risk Management
Thorough due diligence is conducted on all third-party vendors — including server hosts and mailing APIs — to ensure they comply with relevant regulations and maintain high-security standards.
4. Regulatory Reporting
24-Hour Escalation Timeline
Skandage operates on a strict 24-hour timeline for the internal escalation and reporting of data breaches, cybersecurity incidents, and other compliance issues to MAS, ensuring complete transparency and accountability.
Accurate, Immutable Records
Skandage Technologies maintains accurate, immutable logs and complete records of all transactions, automated communications, and compliance activities.
5. AML / CFT Compliance
Anti-Money Laundering (AML)
While Skandage Technologies operates as a SaaS provider in a very low-risk area for money laundering activity, a formal AML policy is in place, including customer due diligence, transaction monitoring, and suspicious activity reporting.
Countering the Financing of Terrorism (CFT)
Skandage Technologies complies with CFT regulations by screening against sanction lists and maintaining ongoing identification of suspicious client activities.
6. Data Storage & Transmission
Encryption Standards
Industry-standard encryption is used throughout — AES-256 transparent database encryption for data at rest and TLS 1.3 for data in transit — ensuring unauthorised access to client financial data is mathematically prevented.
Data Localisation
Skandage Technologies complies strictly with MAS data localisation requirements — all databases are stored securely within local Singapore data centres. No data is processed or stored abroad.
Business Continuity
Robust business continuity and disaster recovery plans are in place, including regular database backups and system updates, to ensure minimal disruption to advisory services in the event of an incident.
Financial Guidelines
Skandage Technologies adheres to prudential guidelines set by MAS, including maintaining adequate capital reserves, liquidity management, and regular financial reporting to ensure corporate financial soundness.
7. Client Communication & Transparency
Clear Communication
Skandage Technologies ensures transparent communication with consultants and their clients regarding data storage, use, and protection policies.
Consent Management
Explicit consent is obtained from users and user clients for all data collection and processing activities, ensuring bulletproof compliance with the PDPA and maintaining the highest level of client trust.
8. Insurance Company Approval
Skandage Technologies is designed to meet the compliance review criteria required by major insurance companies and financial advisory networks operating in Singapore. If you are a compliance officer or agency manager evaluating the platform for adviser use, the following applies.
Platform Approval Process
Skandage Technologies works directly with agency compliance teams to facilitate formal platform approval before deployment by any adviser. Our platform is purpose-built to satisfy the standard review criteria set by major insurance companies operating in Singapore, including but not limited to Prudential, AIA, Manulife, Great Eastern, and Income.
Upon request, we provide a full documentation package comprising:
This Compliance Framework
Full MAS/PDPA alignment documentation as presented on this page.
Security Whitepaper
Detailed cryptographic standards, access controls, and audit log architecture.
Privacy Policy
Full PDPA-compliant data handling and Zero-Knowledge architecture disclosure.
Data Processing Agreement (DPA)
Formal contractual terms governing data processing between Skandage and the adviser or agency.
Compliance officers and agency managers seeking platform approval should direct enquiries to our Data Protection Officer:
privacy@skandage.comWe aim to respond to all compliance review requests within 2 business days.
9. Disclaimers
Skandage Technologies maintains mandatory disclaimer footers on every page across all Skandage-powered adviser websites. These disclaimers are a non-removable component of the platform.
What Every Page States
"Disclaimer: Skandage Technologies is an independent software provider. [Insurer name] is a registered trademark of [Insurer entity]. Skandage Technologies is not affiliated with, endorsed by, sponsored by, or in any way officially connected with [Insurer name]."
This disclaimer is dynamically tailored to the insurer the adviser represents, ensuring that no reasonable person could confuse a Skandage-powered website with an official insurer platform or communication channel.
Regulatory Purpose
Satisfies MAS and insurer compliance requirements for clear identification of third-party tools, ensuring full transparency for clients interacting with the platform.
Scope of Application
Mandatory across all pages — including homepage, calculator pages, contact forms, and any other client-facing content hosted on Skandage-powered adviser websites.