Standards Comparison

    CAA

    Mandatory
    1970

    U.S. federal law regulating air emissions and quality standards

    VS

    MAS TRM

    Mandatory
    2021

    Singapore guidelines for technology risk management in finance.

    Quick Verdict

    CAA mandates US air emission standards and permitting for industries, while MAS TRM provides technology risk guidelines for Singapore financial institutions. Companies use CAA for environmental compliance; MAS TRM for cyber resilience and supervisory adherence.

    Air Quality

    CAA

    Clean Air Act (42 U.S.C. §7401 et seq.)

    Cost
    €€€
    Complexity
    Medium
    Implementation Time
    18-24 months

    Key Features

    • Establishes NAAQS for six criteria pollutants protecting health
    • Mandates SIPs for state attainment and nonattainment planning
    • Imposes NSPS and MACT technology-based emission standards
    • Requires Title V permits consolidating all requirements
    • Enables enforcement via penalties, sanctions, citizen suits

    Technology Risk Management

    MAS TRM

    MAS Technology Risk Management Guidelines

    Cost
    €€€€
    Complexity
    Medium
    Implementation Time
    12-18 months

    Key Features

    • Board and senior management accountability
    • Proportional risk-based controls
    • Third-party risk integration
    • Annual pen testing for internet systems
    • Defence-in-depth cyber resilience

    Detailed Analysis

    A comprehensive look at the specific requirements, scope, and impact of each standard.

    CAA Details

    What It Is

    Clean Air Act (CAA), codified at 42 U.S.C. §7401 et seq., is a comprehensive U.S. federal statute regulating air emissions from stationary and mobile sources. Its primary purpose is protecting public health and welfare through ambient and source-based standards. It employs cooperative federalism, with EPA setting national floors and states implementing via SIPs.

    Key Components

    • NAAQS for six criteria pollutants (primary/secondary standards).
    • SIPs, NSR/PSD permitting, Title V operating permits.
    • Technology standards: NSPS, MACT/NESHAPs, mobile/fuel rules.
    • Specialized programs: acid rain trading (Title IV), ozone protection (Title VI).
    • Compliance via permits, monitoring, enforcement; no formal certification but federally enforceable.

    Why Organizations Use It

    Mandatory for emitters; drives compliance to avoid penalties, sanctions, FIPs. Reduces health/environmental risks, enables permitting for expansions. Builds stakeholder trust, supports ESG via emission reductions.

    Implementation Overview

    Phased: gap analysis, permitting, controls/monitoring installation, reporting. Applies to major sources/industries nationwide; involves SIPs, Title V renewals, audits. High complexity demands cross-functional governance.

    MAS TRM Details

    What It Is

    MAS Technology Risk Management (TRM) Guidelines (January 2021) are supervisory guidelines issued by the Monetary Authority of Singapore (MAS) for financial institutions. This risk-based framework promotes sound practices for governing technology and cyber risks, emphasizing proportionality to FI size, complexity, and exposure. Core approach: defence-in-depth across governance, operations, and resilience to protect confidentiality, integrity, and availability (CIA).

    Key Components

    • 15 sections covering governance, risk frameworks, SDLC, IT service management, resilience, access controls, cryptography, cyber operations, testing, and audit.
    • No fixed control count; principles like board accountability, asset inventories, third-party oversight.
    • Built on CIA triad; aligns with NIST CSF, ISO 27001.
    • Compliance via supervisory review, no formal certification.

    Why Organizations Use It

    • Mandatory for MAS-regulated FIs to avoid fines, license actions.
    • Enhances resilience, reduces cyber incidents, integrates TRM into ERM.
    • Builds trust, enables digital innovation securely.

    Implementation Overview

    • Phased: governance setup, asset inventory, control deployment, testing.
    • Applies to banks, insurers, fintechs in Singapore.
    • Involves audits, no certification; 12-24 months typical.

    Key Differences

    Scope

    CAA
    Air quality standards, emissions, permitting, enforcement
    MAS TRM
    Technology/cyber risk governance, controls, resilience

    Industry

    CAA
    All industries (stationary/mobile sources), US-wide
    MAS TRM
    Financial institutions, Singapore-specific

    Nature

    CAA
    Federal statute with mandatory enforcement
    MAS TRM
    Supervisory guidelines, proportionate implementation

    Testing

    CAA
    CEMS/stack testing, NSR/PSD modeling, SIP reviews
    MAS TRM
    Penetration testing, vulnerability scans, DR exercises

    Penalties

    CAA
    Civil/criminal fines, sanctions, FIPs
    MAS TRM
    Supervisory actions, fines, license conditions
