MAS & DBS in dialogue to investigate banking, ATM disruptions during outage
SINGAPORE: The Monetary Authority of Singapore says it is in dialogue with DBS Bank on investigations into the seven-hour outage that disrupted banking and ATM services at DBS and POSB on July 5.
More than 1,000 ATM machines as well as some branch services were affected by the disruption.
DBS had said that the glitch was caused by a botched routine computer repair job.
It is working with its IT vendor IBM to ensure that such lapses do not recur.
Asked about the issue during a news conference on its annual report Thursday, MAS said it will assess the outcome of the investigation before deciding on the appropriate regulatory action to take.
Deputy managing director, Financial Supervision, MAS, Teo Swee Lian said: "It would be premature to say anymore at this stage, we should look at what the investigation come up with, but every one is taking it very seriously, both the bank as well as ourselves.
"When we have a full understanding of what happened and what were the causes, then we would look to see how we could address such gaps."
- CNA/jm
DBS Bank censured by MAS for management oversight in July ATM breakdown
Singapore: The Monetary Authority of Singapore (MAS) has censured DBS Bank for management oversight over its outsourced IT systems, networks, operations and infrastructure that led to a service outage of its banking systems on 5 July.
In a statement released Wednesday, it said DBS Bank has not adequately observed three Sections of the MAS Internet Banking and Technology Risk Management Guidelines (IBTRM Guidelines).
The widespread system, noted the MAS, also revealed weaknesses in DBS Bank's technology and operational risk management controls.
MAS said that investigations showed the breakdown arose in part
from the failure of the bank to put in place a robust technology risk
management framework to ensure the reliability, resiliency and speedy
recoverability of the bank’s IBM mainframe-storage area network (SAN)
platform and architecture.
It said DBS Bank did not exercise sufficient oversight of the
maintenance, functional and operational practices and controls employed
by IBM.
“MAS takes a serious view of this incident. We expect all financial
institutions to put in place a robust technology risk management
framework that will ensure the reliability, resiliency and speedy
recoverability of the institution's IT systems and infrastructure,
whether outsourced or in-house" said Ms Teo Swee Lian, Deputy Managing
Director, Financial Supervision, MAS.
She added that the MAS has recently written to the CEOs of all financial
institutions to remind them of its expectations, adding "MAS will not
hesitate to take appropriate supervisory action against any financial
institution which fails to meet the standards set in the IBTRM
Guidelines.”
The MAS said DBS Bank has been told to conduct an independent review of the incident as well as to adopt remedial measures.
This includes steps to diversify and reduce its material outsourcing
risks so that it does not overly rely on a single service provider or a
single vendor’s products and services.
The bank has to also conduct a thorough internal review of the SAN
mainframe and open system architectures and configurations to discover
and correct any single points of failure or operational and functional
fragility.
The MAS has also told the bank to redesign its online and branch banking
systems platform to reduce risks and allow more flexibility and
resiliency in operations and recoveries.
A review of outsourcing vendors' processes and functions related to
services and hardware/software maintenance has also been suggested, as
well as to make sure maintenance and support teams from vendors have the
requisite level of skill, capability and experience to meet the bank's
service and support criteria.
The bank will also have to assess the ability of outsourcing vendors to
meet, at all times, the bank's service level requirements and recovery
point objectives for all mission critical systems.
In addition, it has to set up a Systems and Network Command Centre
within the bank to continually monitor the operation, performance and
health of its systems, networks, storage platforms and hardware and
software devices.
Finally, the MAS has told the bank to strengthen its capabilities and
resources for a rapid disaster recovery plan when a major system failure
or site catastrophe occurs.
In its statement, the MAS said DBS Bank has been told to apply a
multiplier of 1.2 times to its risk-weighted assets for operational
risk, which translates to the bank setting aside about S$230 million
extra in regulatory capital on a group basis based on numbers as at 30
June 2010.
The additional capital requirement will be reviewed when MAS is
satisfied that the bank has put in place adequate risk control measures
to address the deficiencies identified.
The MAS also said it also expects the bank to take immediate steps to
improve its customer communication process and ensure timely
communication with stakeholders with effect.
- CNA/sf
MAS instructs DBS Bank to set aside $230m in regulatory capital
SINGAPORE: The Monetary Authority of Singapore (MAS) has instructed DBS Bank to set aside about $230 million in regulatory capital, as part of its supervisory action against the service outage of the lender's online and branch banking system on 5 July.
The more than seven-hour outage caused significant inconvenience to the bank's customers.
MAS says the additional capital requirement will be reviewed when it is satisfied that the bank has put in place adequate risk control measures to address the deficiencies identified.
It says based on investigation reports and its own analysis, the
breakdown was in part a result of the failure by the bank to put in
place a robust technology risk management framework.
DBS Bank did not exercise sufficient oversight of the maintenance,
functional and operational practices and controls employed by IBM.
It has therefore not adequately observed Sections 5, 7 and 8 of the MAS
guidelines on Internet Banking and Technology Risk Management.
MAS has also directed DBS Bank to adopt several measures including
diversifying and reducing its material outsourcing risks so that it does
not overly rely on a single service provider or a single vendor's
products and services.
It also expects the bank to take steps to improve its customer
communication process and ensure timely communication with stakeholders
with immediate effect.
Deputy managing director, Financial Supervision, at MAS, Teo Swee Lian
said the regulator has recently written to the CEOs of all financial
institutions to remind them of the need for a robust technology risk
management framework.
She says MAS will not hesitate to take appropriate supervisory action
against any financial institution which fails to meet the standards set
in the guidelines.
- CNA/jm