Connect with us

Opinion

Repeated disruptions and single-point failures challenge the presumed resilience of Singapore’s digital banking system

Opinion: Persistent service disruptions and glaring single-point failures in Singapore’s digital banking landscape are eroding public trust, highlighting significant systemic vulnerabilities.

These incidents challenge the sector’s perceived resilience, calling into question the efficacy of safeguards and the commitment to maintaining robust, fail-safe digital banking infrastructures.

Published

on

Recently, Singapore’s banking sector has faced several disruptions, notably with DBS Bank, eroding public confidence significantly.

Social media platforms are abuzz with customers, especially those using DBS/POSB, expressing dismay over the inconveniences caused by these digital banking setbacks. Their reliance on digital wallets, having moved away from cash, amplifies their frustration. For instance, even from Taiwan, I experienced a direct impact — my cab fare payment via POSB was denied due to the recent Saturday disruption.

Singapore’s goal isn’t a cashless society, primarily to accommodate the elderly. However, the dream may remain distant not because of slow merchant adoption or demographic challenges, but due to dwindling trust in digital banking systems stemming from recurrent service lapses.

Highlighting this issue was the recent 12-hour outage at DBS and Citibank, precipitated by a single point of failure at an Equinix data centre—In this case, a cooling failure. This incident underscores the urgent need for comprehensive redundancy safeguards within digital banking infrastructures.

To grasp the severity of these concerns, it’s essential to revisit the commitments and assurances provided by the authorities, especially those articulated by Mr Tharman Shanmugaratnam, the current Singapore President and former Senior Minister and Chairman of the Monetary Authority of Singapore (MAS), in response to specific queries raised by Members of Parliament.

In April 2023, addressing Parliamentary Questions (PQ) raised by Mr Ang Wei Neng, MP for West Coast GRC, regarding the DBS disruption in March, it was said that the disruption on 29 March 2023, was caused by inherent software bugs.

Mr Tharman then assured, “DBS has since undertaken measures to mitigate the identified gaps. The bank is committed to enhancing the resilience of its digital banking system, focusing on enhancing its access control architecture, building in more redundancy, monitoring its key system components more closely, and improving its system restoration processes.”

Following the subsequent disruption on 5 May 2023, which lasted 6.5 hours, it was conveyed that the disruption resulted from human error during system maintenance programming.

Furthermore, in addressing questions from Dr Tan Wu Meng, MP for Jurong GRC and Mr Desmond Choo, MP for Tampines GRC, Mr Tharman underscored the urgency with which these incidents were being treated.

He stated that the MAS found the frequency of disruptions unacceptable and emphasized that banks must quickly identify problems, restore services, and communicate transparently with affected customers.

Mr Tharman pointed out that MAS requires all retail banks in Singapore to ensure that their mission-critical systems supporting digital banking are resilient, including having the ability to recover quickly from any system disruptions.

“Banks are subject to regular inspections and off-site reviews by MAS to ensure their adherence to regulatory requirements and expectations,” said Mr Tharman.

However, the incident on Saturday (14 Oct), casts a stark light on the effectiveness of these assurances.

Despite prior incidents, specifically the significant disruptions on 29 March 2023 due to software bugs, 5 May 2023 due to human coding error, and a notable case in November 2021, the recent outage suggests that the measures taken by DBS and the standards enforced by MAS may not be sufficient.

Customers are justifiably frustrated, as the promises of improved redundancy, better monitoring, and expedited restoration processes appear glaringly inconsistent with the reality of another major disruption.

Particularly troubling is the promise to eliminate single points of failure, a commitment now cast in doubt following the Equinix data centre debacle. This incident, which disrupted multiple banks, signals a systemic vulnerability. The prolonged 12-hour outage further implies a glaring absence of adequate redundancy systems designed to assume control during such points of failure.

Furthermore, the precise questions raised by MPs—such as the number of banking disruptions lasting more than one hour in the past five years, the banks involved, and the lessons learned from these disruptions—remain pertinent. They underscore the necessity for continuous scrutiny and accountability in ensuring that both financial institutions and regulators uphold the highest standards of operational reliability.

So far, MAS has not issued any statement regarding the disruption that occurred last Saturday.

In light of DBS’s six-hour disruption in May, Ms Ho Hern Shin, Deputy Managing Director (Financial Supervision) of MAS, issued a stern statement: “DBS Bank has fallen short of MAS’s expectations for banks to provide reliable services to their customers. The repeated inconvenience caused to the public is unacceptable. The additional capital requirement imposed at this time underscores the seriousness with which MAS views this matter. DBS Bank must spare no effort in addressing the underlying issues leading to these disruptions.”

Now, despite the disruption lasting over 12 hours, the silence from MAS is particularly concerning. Is MAS implying that since many companies other than DBS were affected, it cannot fault DBS for its service lapse?

Stakeholders expected a proactive response, consistent with the authority’s prior commitments to maintaining stability and trust in the banking system, as explicitly stated by Mr Tharman in his various replies.

This lack of communication, especially when compared with the detailed promises and measures outlined previously, not only erodes public confidence but also raises doubts about the preparedness of major financial institutions against unforeseen threats, including potential cyber-attacks.

In considering these disruptions, it is perhaps a small mercy that the recent incident emerged as an unforeseen mishap rather than a calculated act of sabotage intended to destabilize Singapore’s digital economy.

Nevertheless, the revelation is deeply troubling; the apparent lack of effective redundancy systems exposes a critical vulnerability. This deficiency suggests that, in the event of a targeted cyberattack, malefactors could exploit this single point of failure with ease, potentially crippling the nation’s digital infrastructure.

The ease of triggering such a widespread disruption points to an alarming reality: our current defences, or lack thereof, could inadvertently be laying out a welcome mat for those seeking to harm Singapore’s digital economy.

This glaring gap in systemic protection underscores the urgent need for comprehensive strategies, ensuring that fail-safes are in place to counteract the ramifications of any single data centre’s failure.

While MAS imposed an additional capital requirement on DBS in May, which, combined with the requirement imposed in February 2022, amounts to approximately S$1.6 billion in total additional regulatory capital, one must question its effectiveness.

Frankly, what repercussions does it hold for the bank if these actions do not impact its profit margins? Are any imposed penalties less consequential than the costs saved by the bank if it had not embarked on ensuring redundancy in its digital banking system?

The repeated incidents of service disruption call for a re-evaluation of the strategies employed by banks like DBS in safeguarding their digital banking systems, particularly in light of the bank’s proud announcement of the S$8.19 billion annual net profit it achieved in 2022 and DBS CEO Piyush Gupta’s staggering S$15.4 million salary in 2022.

It also underscores the need for MAS to reinforce its regulatory role, ensuring that these institutions not only make promises but also implement tangible, effective measures that withstand the demands of the evolving digital banking landscape.

The recent disruptions, the ensuing commitments, and the continued vulnerabilities indicate a gap between what is assured and what is delivered—a gap that requires urgent bridging to maintain the reputation of Singapore’s banking sector.

Share this post via:
Continue Reading
18 Comments
Subscribe
Notify of
18 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments

It’s incredible how they fuck up or get fucked up and cover it up blaming some bed time story. The rot within the infrastructure is imminent but they’ll worm their way into being kept relevant. To top it off, the rotten government doesn’t help either with them playing musical chairs and no idea on how to run the system. All they know is take money take money.

The PAP govt in pushing hard for digitalization (for cost savings and other “benefits”) is in many cases leaving for-profit companies (banks and telcos) to run amuck when regulations do not keep up with use cases.

What do you expect? Banks like DBS, UBS, UOB, StanChart, Bank of America Merril Lynch, CitiBank, Visa etc. staff and places like Changi Business Park and MBFC are all 90% CECA trash from India!!! They are all incompetent with fake or rubbish third world qualifications. Crazy and evil LHL and PAP basturds let it happen!!! LHL has been screwing and backstabbing Singaporeans for the last 15 years!!! We have to kick out PAP basturds and CECA trash from India to get our jobs back. PAP basturds are enjoying life with their million dollar salaries, and we Singaporeans are suffering because… Read more »

The shadowy efforts of CPIB investigations into Keppel Bribery Corruption which was CONCLUSIVELY indicted by USA 🇺🇸 showed what a SLIPPERY path for SG this PAP Administration has trudged SG towards.

Come on. What’s the greatest show on earth in recent times? The PAP BLINDERS – turned it around to showcase the world, Sheegapore is A Smart Nation. What for? To attract 3rd world talents to grind the economy in order to disguise mediocre Monsters efforts tt they are indeed running a good show, really?

Just like everything on the island state, when the shit hits the fan, … await the “in house” enquiry/review that will explain it all with new precautions and processes, … and that’ll be it !!!

A nation brought up on a “no blame culture” and “no head/s will roll”, … what does anyone seriously expect, … seriously !!!

The unaccountability at the highest levels, … continues into the SillyPore sunset, for yet another day !!!

This is our so call Smart Nation initiative led by people and regulators not so smart after all. The only smart things they did is to scam citizens of their money into their pocket.

VTO. VTO.

Posb ppl bank and low end bank … Dbs supposedly the higher end. Is it riding on Posb and pretending to be the poor chap when it ain’t poor?!?

It’s unlikely to witness the maintenance of the required resiliency of SG digital banking system as long it’s manage by the same group of those half past six so call IT imports from la la land🙊🙊🙊

Up to Now . Nobody answer the Posb and DBS relationship. On stall so are they merge or NOT. Then one logo and bank name instead of PoSb/Dbs? Who is using who has Wall or shield. Leaders who cannot even answer or refuse to answer simple questions are just hookwinking others. Please established and clarify their relationship?!?

The default answer is designed to gaslight:

  • “No cyber attack” ( admitting that there was would help the hackers ) is the gaslight.
  • “The data centers have adequate redundancy systems in place. To get more means a higher cost to consumers” is another gaslight to shift blame to consumer/voter
  • ” Such events occur 0.02% in 5 years, This is within expectations”.. another gaslight

They will also quote “other countries”… and make comparisons… ( suddenly, this does not fall under Ownself check Ownself)



Trending