SINGAPORE, 1 November 2023 – The DBS Board and Management today apologised for the series of digital disruptions this year, and said the bank is addressing the issues at hand with utmost priority.
This includes the rollout of a comprehensive roadmap to improve technology resiliency, encompassing both immediate and longer-term measures to strengthen technology governance, people/leadership, systems and processes.
The bank also assured customers that when the roadmap is completed, they will see improved service reliability. Should disruptions occur, the remediation measures being implemented will shorten the time taken for recovery. DBS is also working to ensure that, where possible, customers will have alternative means to fulfil their banking needs in case a service or channel is temporarily unavailable. The bank will maintain its network of physical touchpoints, which include branches; self-service banking machines such as ATMs and VTMs (Video Teller Machines); as well as POSB Cash-Points at merchant outlets including Giant, Cold Storage, 7-Eleven and SingPost. If need be, branches will be opened on Sundays and public holidays as an alternative service channel.
Said DBS Chairman Peter Seah, “The Board apologises for the digital banking disruptions. When customers bank with us, they expect to be able to access our banking services conveniently, and at any time of the day. With the incidents of the past year, we have failed to live up to these expectations, and have also fallen short of our own standards. As an acknowledgement that the bank could have done better, senior management will be held accountable, and this will be reflected in their compensation.”
“Over the past few months, the bank has been making every effort possible to strengthen our resiliency and business continuity, and to be able to recover more quickly when incidents happen. This is a work in progress, and we seek customers’ patience as we work through our remedial actions.”
Accenture’s findings and recommendations
After the 29 March incident, when customers faced difficulty accessing the bank’s digital banking services, the Board convened a Special Board Committee (Committee) led by Lead Independent Director Olivier Lim (Chair) and comprising Tham Sai Choy, Bonghan Cho and Chng Kai Fong, to oversee a full review of the disruption.
The Committee engaged two independent experts to support them: Ajey Gore and Marc Massar, who are senior technology practitioners with relevant expertise. It also appointed an independent third party, Accenture, to carry out a root cause investigation of the March incident (which was subsequently extended to the 5 May incident), and to conduct a comprehensive review of the bank’s digital banking services, including its control processes, digital banking services and technology stack.
The findings of the Accenture review – completed in August – were also corroborated against recent disruptions: the 26 September incident impacting FAST/PayNow transactions, the 14 October data centre incident, as well as the 20 October incident when some customers had intermittent access to DBS PayLah!.
The bank believes that key gaps and deficiencies have been identified: per Accenture’s review, they fall into four main areas – technology risk governance and oversight, incident management, system resilience and change management.
Committed to doing better
To address these areas of weakness, the bank has taken onboard Accenture’s recommendations and, in some cases, will be taking steps in addition to the recommendations to further improve technology resiliency.
A summary of key actions being taken – with the aim of improving governance of technology risk; people and leadership; as well as oversight and management of technology operations and incidents .
The bank has established a new sub-committee of the Board Risk Management Committee called the BRMC Technology Risk Committee(BTRC). The BTRC will provide dedicated oversight of technology risk. It will also oversee the implementation of the remedial measures that the bank will carry out to address the findings of the Accenture review.
It has also transferred the Technology Risk Management team to the Risk Management Group, reporting to the Chief Risk Officer, to enhance independent checks and balances.
Given the increased complexity and scale of the technology and operations (T&O) function, from 1 November, DBS is splitting T&O into two separate units to allow for dedicated management oversight of each. Jimmy Ng (currently Chief Information Officer and Group Head of T&O) will assume the role of Group Head of Operations. A search for a new CIO has been launched. In the interim, Han Kwee Juan (who will remain Singapore Country Head) will assume the role of Acting CIO. To enable him to give the needed attention and focus to the technology function, Sim S. Lim, currently a Senior Advisor to the bank, will temporarily return to manage the day-to-day operations of the Singapore organisation.
The bank has strengthened its site reliability engineering with new leadership. Ho Twee Teng, a 40-year DBS technology veteran, was appointed as the bank’s new Head of Enterprise Architecture Site Reliability Engineering (EASRE) from 18 October. DBS has also created a new Quality Assurance function within EASRE to provide an additional independent layer of verification, controls and checks over the bank’s change management process.
Work has commenced to establish clearer ownership and management of incidents within the bank, as well as between the bank and its service providers and vendors. The bank will also improve proactive problem management through the active review of early warning indicators, identification of other possibly affected areas, and taking preventive actions.
The bank has instituted a six-month pause on non-essential IT activities, to single-mindedly focus on improving technology resiliency.
In addition to the above, the bank is in the process of strengthening system resilience and tightening processes around change management. As these improvements are more structural in nature, they will take time to fully implement, and are expected to be completed in 12-24 months.
With these changes, customers can expect to see concrete improvements in both service availability and service recovery in the coming months and over the longer term:
In addition to complying with the regulatory requirements at a system level, DBS will also introduce new service availability targets at a service level. DBS is setting new service targets for three key digital banking services; namely, balance enquiry, overseas payments and domestic payments.
Should one of these services become temporarily unavailable on a particular digital channel, the bank will ensure that the service is available on an alternative digital channel.
The bank pledges to limit downtime, where each service is completely unavailable across all digital channels, to no more than an average of 1.5 hours per month over a three-month period. This is a commitment DBS aims to deliver on within the next six months, and continuously improve on.
Said DBS CEO Piyush Gupta, “We are deeply sorry for the digital disruptions. Over the years, DBS has focused on digital transformation so as to make banking simple, seamless and effortless. However, we acknowledge that we must now do better to deliver on this, and are taking a multitude of actions across technology governance, people/leadership, systems and processes. We will also be setting aside a special budget of SGD 80 million to enhance system resiliency. Our assurance to customers is that they can expect these actions to deliver concrete improvements in the near term and over time. In particular, apart from complying with regulatory requirements on system availability, we are committing to additional targets we are setting for ourselves on ensuring high service availability as well.”
Re-disseminated by The Asian Banker