QUESTION NO. 1912
NOTICE 1206 OF 2022
FOR WRITTEN RESPONSE
Date: For Parliament sitting on July 5, 2022
Member’s name and constituency
Dr. Tan Wu Meng, MP, Jurong RCMP
Ask the Prime Minister (a) how many MAS-regulated banks have recently experienced digital banking disruption and for how long; (b) how many customers are affected; (c) whether MAS has assessed financial institutions’ dependencies on third-party cloud computing networks, including the provision of digital banking services; and (d) what lessons have been learned from the service disruption.
Response from Mr. Tharman Shanmugaratnam, Minister of State and Minister in charge of MAS:
1. Since July 2021, four major retail banks
2. The root causes of these incidents lay mostly within the banks themselves – such as incorrect software configurations, system malfunctions, and errors introduced when the banks made changes to the system. One of the incidents was related to an outage at a third-party cloud service provider.
3. MAS takes all IT incidents that affect the availability of digital banking services seriously. It requires banks to be able to recover systems supporting critical banking services such as funds transfers and payment services within four hours of any disruption. Additionally, the total unscheduled downtime of each critical system must not exceed four hours in any 12-month period. MAS takes supervisory action when banks do not comply with these requirements.
4. In the event of DBS Bank’s extended digital banking disruption in November 2021, MAS ordered the bank to appoint an independent expert to carry out a full review of the incident, including the bank’s checks and recovery actions and how a similar incident can be avoided in the future. The bank has also been instructed to correct any shortcomings identified during the review and to implement measures to ensure that any future disruptions to its digital banking services are resolved quickly and adequately. MAS demanded that the bank hold additional capital
5. Recent incidents highlight the need for banks to continually review their IT resiliency strategy and ensure there is sufficient redundancy and fault tolerance built into their digital banking IT infrastructure. In addition, rapid system diagnosis and recovery, coupled with robust business continuity management, are critical to minimizing the impact of an IT disruption.
6. MAS recently released a set of new Business Continuity Management Guidelines (BCMG)
7. Globally, financial institutions are increasingly relying on third-party services such as public cloud computing. This increases financial institutions’ exposure to third-party risk. MAS has highlighted third party risk as one of the key areas for financial institutions to focus on in both the BCMG and the Technology Risk Management Guidelines (TRMG)
8. MAS works closely with industry, global financial regulators and major service providers, on best practices for managing third party risk.
i. MAS collaborated with the Association of Banks of Singapore (ABS) to publish guidelines on cloud computing best practices
ii. MAS co-leads an international subgroup on cloud monitoring and identity and access management within the Bank for International Settlements (BIS).
9. The technological landscape in which banks operate is becoming increasingly complex. It is therefore essential that banks maintain and continuously improve the security and resilience of their IT systems in order to maintain stability and confidence in the banking system. MAS will continue to work closely with industry in this regard.