MAS Threatens Supervisory Action if Banks Exceed 4 Hours of Downtime

by July 6, 2022

The Monetary Authority of Singapore (MAS) takes seriously all IT incidents that affect the availability of digital banking services, said Tharman Shanmugaratnam, Senior Minister and Minister in charge of MAS in a parliamentary reply.

He added that four major retail banks have reported a total of eight interruptions to their digital banking services since July 2021.

While the incidents were mostly resolved within three hours, they affected on average about 12,000 customers, with the numbers ranging from 500 to 37,000.

The longest interruption of 39 hours was experienced by DBS Bank from 23 to 25 November 2021, arising from a malfunction of the bank’s access control servers.

Due to this prolonged disruption, MAS directed the bank to appoint an independent expert to conduct a comprehensive review of the incident.

The bank has also been directed to rectify all shortcomings identified from the review and implement measures to ensure that any future disruption to its digital banking services is resolved quickly and adequately.

MAS has also required the bank to hold an additional capital of S$930 million until all shortcomings identified from the review are satisfactorily rectified.

To deal with this, the regulator recently published a set of new Business Continuity Management Guidelines (BCMG) that set out measures financial institutions can employ to sustain critical business services and minimise service disruption.

MAS has highlighted third-party risks as one of the key areas for financial institutions to focus on in both the BCMG and the Technology Risk Management Guidelines (TRMG).

MAS has also been working closely with the industry, global financial regulators and leading service providers on best practices to manage third-party risks.

This includes a collaboration with The Association of Banks in Singapore (ABS) and co-leading an international subgroup on cloud monitoring and identity and access management under the Bank for International Settlements (BIS).

Tharman added,

“MAS takes seriously all IT incidents that affect the availability of digital banking services. It requires banks to be able to recover systems supporting critical banking services such as fund transfers and payments services within four hours following any disruption.

In addition, the total unscheduled downtime for each critical system must not exceed four hours within any 12-month period. MAS takes supervisory action when the banks breach these requirements.”