8 digital banking service interruptions at 4 banks since July 2021: Tharman



Mr Tharman said that the Monetary Authority of Singapore (MAS) “takes seriously” all IT incidents that affect the availability of digital banking services.

“It requires banks to be able to recover systems supporting critical banking services such as fund transfers and payments services within four hours following any disruption.”

The total unscheduled downtime for each critical system must also not exceed four hours within any 12-month period. The authority takes supervisory action when the banks breach these requirements, said Mr Tharman.

In February 2022, MAS said it had ordered DBS to appoint an independent expert to conduct a “comprehensive review” of the incident, including the bank’s recovery actions.

The review also required DBS to assess how a similar incident could be prevented in future, said MAS then.

The bank was directed to rectify all shortcomings identified from the review and implement measures to ensure that any future disruption to its digital banking services is resolved quickly and adequately.

Additionally, MAS also required the bank to hold additional capital until all shortcomings identified in the review are rectified.

“The recent incidents highlight the need for banks to continually review their IT resilience strategy, and ensure that there is sufficient redundancy and fault tolerance built into their digital banking IT infrastructure,” said Mr Tharman on Tuesday.

“In addition, swift diagnosis and recovery of systems, coupled with robust business continuity management, are critical in minimising the impact of an IT disruption.”

Mr Tharman noted that MAS has published a set of new business continuity management guidelines that set out measures that financial institutions can employ to sustain critical business services and to minimise service disruption.

Such measures include identifying the end-to-end dependencies across business processes, systems, manpower and other resources required to deliver critical business services, and addressing any gaps that could hinder the effective recovery of these services during an outage.

Mr Tharman said that the monetary authority has highlighted third-party risks such as public cloud computing services as a key area for financial institutions to focus on.

The MAS has been working closely with the industry, global financial regulators and leading service providers, including the Association of Banks in Singapore and the Bank for International Settlements, on the best practices to manage third-party risks.

“The technology landscape that banks operate in is becoming more complex. It is hence critical that banks continually maintain and uplift the security and resiliency of their IT systems so as to maintain stability and trust in the banking system,” Mr Tharman said.

“MAS will continue to work closely with the industry in this regard.”


Please enter your comment!
Please enter your name here