Inadequate management and the lack of “a robust
technology risk management framework” caused a
service outage of DBS Bank’s online and branch banking
systems, according to its regulator.
As directed by the Monetary Authority of Singapore (MAS), DBS
and its outsourcing vendor IBM conducted an investigation into the
causes of the breakdown that occurred on 5 July this year.
According to MAS, it reviewed the findings and conducted its own
MAS found that DBS’s systems breakdown arose
in part from the failure of the bank to put in place a robust
technology risk management framework to ensure the reliability,
resiliency and speedy recoverability of the bank’s IBM
mainframe-storage area network (SAN) platform and
architecture. It also claims that DBS Bank did not exercise
sufficient oversight of the maintenance, functional and operational
practices and controls employed by IBM.
Therefore, MAS found that DBS Bank had not
adhered to sections 5, 7 and 8 of its Internet Banking and
Technology Risk Management Guidelines (IBTRM).
MAS said it has censured DBS Bank for the
shortcomings and inadequate management oversight by the bank, and
that the incident revealed weaknesses in DBS Bank’s technology and
operational risk management controls.
“MAS takes a serious view of this incident,”
said Teo Swee Lian, managing director, financial supervision,
“We expect all financial institutions to put
in place a robust technology risk management framework that will
ensure the reliability, resiliency and speedy recoverability of the
institution’s IT systems and infrastructure, whether outsourced or
“We have recently written to the CEOs of all
financial institutions to remind them of this. MAS will not
hesitate to take appropriate supervisory action against any
financial institution which fails to meet the standards set in the
MAS has ordered DBS to adopt various measures
to prevent such breakdowns in the future. They include diversifying
its material outsourcing risks to combat over-reliance on one
single service provider, redesigning its online and branch banking
system platforms, and setting aside S$230 million in regulatory
capital for operational risk.
“The system outage is of grave concern to us
and we acknowledge MAS’s censure,” said Piyush Gupta, CEO of
“DBS would like to assure customers that
taking into account the regulatory capital charge, our total
capital adequacy ratio is still comfortably above the required
levels. Measures to strengthen our technology and risk management
controls are also well underway.
“Twelve months ago, DBS commenced a two-year
programme to further enhance our system reliability and resilience
and we are accelerating the implementation of these initiatives.
DBS is deeply sorry for the outage and once again, my apologies to
our customers for all the inconvenience caused.”
An investigation by DBS and IBM into the
outage found that it was caused by an IBM staff member’s repeated
failure to apply the correct procedure when addressing instability
in the communications link of the storage subsystem.