2.5 million transactions affected by recent DBS, Citibank outages; 810,000 login attempts failed

DBS and Citibank have to conduct thorough investigations and come up with a plan that will minimise future disruptions and outages. ST PHOTO: STEPHANIE YEOW
Chor Khieng Yuit
Senior Correspondent
Updated
Nov 07, 2023, 10:16 AM
Published
Nov 06, 2023, 10:05 PM

SINGAPORE – Some 2.5 million payment and ATM transactions could not be completed during the banking outages that hit DBS Bank and Citibank on Oct 14, causing widespread disruption to businesses and consumers, said Minister of State for Trade and Industry Alvin Tan on Monday.

Customers also made up to 810,000 failed attempts to access the digital banking platforms of both banks between 2.54pm that day and 4.47am the following day.

Giving the estimates on the impact of the outages in Parliament, Mr Tan said that both banks have fallen short of regulatory requirements to ensure that their critical information technology systems are resilient against prolonged disruptions.

The outages were caused by a fault in the cooling system of an Equinix data centre used by DBS and Citibank. While both activated disaster recovery and contingency plans, services were fully restored only in the early hours of Oct 15.

“While both banks conducted annual exercises to test the recovery of the IT systems at the backup data centres, the specific issues that led to the delays in system recovery on Oct 14 did not surface during those tests,” he added. 

Mr Tan noted that the Monetary Authority of Singapore (MAS) has measures in place to uphold the “reliability and recoverability” of banking services.

Under the Banking Act, banks that are found to have breached MAS’ requirements on technology risk management can be fined up to $100,000. This will be increased to a maximum of $1 million in 2024, Mr Tan said.

MAS also uses other regulatory tools to address lapses in banks’ risk management, Mr Tan said. This includes imposing additional capital requirements and suspending certain bank activities.

He cited DBS as an example, and said the string of five disruptions to banking services in the last eight months was “unacceptable”.

MPs questioned whether the punitive measures imposed on DBS were enough. 

Tampines GRC MP Desmond Choo said it is “nothing short of a slap on the wrist”. 

Mr Tan noted that MAS took a tougher stance on DBS, by requiring it to hold additional regulatory capital.

Higher capital requirements mean DBS must hold more liquid capital, which could leave the bank with less money for dividends or investments.

“It is a drag on the return of capital which could in turn impact credit ratings, as well as the stock price of the bank,” Mr Tan said.

More On This Topic
4 of the 5 major DBS disruptions in 2023 were bug- or software-related: CEO Piyush Gupta
MAS suspends DBS from new business ventures, reducing branch and ATM networks over disruptions

DBS also cannot undertake new acquisitions and has to pause non-essential IT changes for six months.

Mr Tan noted that the measures do not stop here. DBS and Citibank have to conduct thorough investigations and come up with a plan that will minimise future disruptions and outages.

He added that the banks will need to test their plans regularly to ensure they are able to recover within four hours in the event of another outage.

West Coast GRC MP Ang Wei Neng asked if MAS will consider asking banks that have been hit by outages to compensate customers directly.

Adding to his earlier point that “matters of compensation are better dealt with between the bank and its customers”, Mr Tan said that consumers can hold financial institutions accountable for such incidents.

“If I am unable to pay using one of the financial services providers, then I go to the other one. I lose confidence in one, I go to the other one.” 

Mr Tan added that consumers can also consider using different ways to pay, so they are not overly reliant on one financial provider for time-sensitive transactions.

During the Oct 14 disruption, some customers were able to switch to alternative payment methods or providers, or use cash.

More On This Topic
‘I carried around my piggy bank’: Amid DBS, Citibank service outage, cash is king
Some users still left with pending transactions one day after DBS’ PayNow hit by service delays

The disruption also highlighted the importance of data centres to a bank’s operations.

Mr Tan said the Government is looking into ways to further strengthen the security and resilience of data centres.

Like other major jurisdictions, MAS currently does not regulate external service providers such as data centres, which are typically not financial institutions.

It is the bank’s duty to implement adequate risk controls and oversight over their data centre providers, so they can deliver on their financial services with minimal disruptions, he added.

Correction note: This article has been updated for clarity.

Join ST's WhatsApp Channel and get the latest news and must-reads.

Available for
iPhones and iPads
Available in
Google Play

MCI (P) 066/10/2023. Published by SPH Media Limited, Co. Regn. No. 202120748H. Copyright © 2024 SPH Media Limited. All rights reserved.

Back to the top