Singapore bank faces regulatory action over ‘unacceptable’ digital service outage
Singapore bank DBS’ second major online service outage in just over a year is “unacceptable” and indicative of its failure to ensure system availability.
It now faces supervisory actions from industry regulator, Monetary Authority of Singapore (MAS), which said it placed great emphasis on the reliability of banks’ critical IT systems.
DBS on Wednesday morning said via its Facebook page that access to its digital services, including its mobile payment app PayLah, was unavailable. The bank said its systems were “secure and uncompromised”, but gave no details on what caused the disruption in its initial and subsequent updates as the outage persisted throughout the day.
Some customers reported being asked to reset their PIN when they tried to log into their accounts, prompting concerns of a scam. One customer said DBS should have posted a service notification on its login page and disabled all login attempts to ease such concerns.
The bank’s online services were restored in the evening, about 10 hours after they went down.
Noting that the latest incident came a year after a similar service outage in November 2021, MAS said DBS had “fallen short” of the regulator’s expectations to ensure high system availability and swift recovery of its IT systems.
The bank had been instructed to run a full investigation so the root cause of the disruption could be identified, MAS said, adding that it would take supervisory actions once the necessary facts were established.
DBS’ November 2021 service outage lasted two days and was caused by a problem with the bank’s access control servers, resulting in customers’ inability to log into their account. For the disruption, MAS had imposed on the bank an additional regulatory capital requirement totalling SG$930 million.
Singapore in recent years has implemented tighter guidelines for the financial sector, as part of efforts to boost the cyber resilience of the country’s critical information infrastructures. These include technology risk management processes, such as having “strong oversight” of partnerships with third-party service providers to ensure data confidentiality as well as security controls and stress tests.
RELATED COVERAGE
READ MORE HERE