Slightly over a year after a two-day outage that irked its users to no end, DBS suffered another long disruption to its banking services in Singapore yesterday.
The day-long downtime for Southeast Asia’s largest bank and a forerunner in digital banking meant that its users couldn’t log in online to their bank accounts or pay with their mobile wallet app.
As expected, words of regret are now being shared by the DBS head honcho, after the services came back online yesterday evening.
The government authorities also dutifully said it had been in close contact with DBS to “ensure expedited recovery” of its digital services, as well as timely communications to customers on the disruption, reported CNA.
The Monetary Authority of Singapore (MAS) even went a little further this time, saying that the disruption was “unacceptable”, and referring to the last big outage back in November 2021.
What, then, is acceptable? To users, access to their banking account is critical for everyday life as well as business, so anything other than a short outage involving mere minutes is difficult to accept.
For MAS? Apparently, it has a standard for banks to follow. The total unscheduled downtime for each critical system must not exceed four hours within any 12-month period.
Revealing this in Parliament in July 2022, Senior Minister Tharman Shanmugaratnam also said MAS would take supervisory action when banks breach these requirements.
For DBS’ last outage in 2021, which MAS deemed “serious”, the bank was made to hold additional capital, in the form of 1.5 times its risk-weighted assts for operation risk. In other words, it had less money on hand to lend and earn interest from.
The question after yet another outage now is whether such penalties are enough. How much of a punishment would be deemed sufficiently painful for a bank flush with money to make it avoid another outage?
In its regularly updated technology guidelines to financial institutions, MAS lists detailed requirements for safeguarding of data, managing IT issues and much more.
It may be time that MAS also adopted a more user-facing role, by publishing the uptime statistics of digital banking services of the major retail banks operating in Singapore.
Not only will this have a direct reputational effect on these banks, but these details will also help consumers and businesses better decide which banks can be trusted to be available when they are needed.
Think of the quality of service reports that the Infocomm Media Development Authority (IMDA) publishes every quarter on the availability and latency of the major broadband providers here in Singapore.
A similarly transparent approach means that an outage is no longer described in vague terms like “unacceptable” or “serious”. Nor are words of regret just another media release that is quickly forgotten.
With one’s digital banking service quality published regularly, there is nowhere to hide if the service falls behind rivals. This is the best encouragement for banks to up their game.
Now, some banks would no doubt say they have bigger operations and thus are a lot more complex to run.
That may be true today, but aren’t the banks the ones that have been harping on about digital transformation and that every company is an IT company?
If so, they have to behave like an IT company. That is, one that reports transparently instead of an entity shielded by a sort of confidentiality that’s often accorded the financial sector.
After all, these banks use public cloud services and they have all the system availability numbers on their dashboards. It is also not difficult for the regulator to request these numbers, either.
In his reply in Parliament, Senior Minister Tharman also revealed that four major retail banks reported eight interruptions to their digital bank services between July 2021 and July 2022.
On average, 12,000 customers were affected by these incidents, though the numbers ranged from 500 to 37,000. The most serious back then was the DBS outage, which was the longest interruption at 39 hours.
Perhaps more of these numbers should be made public on a regular basis, with banks standing next to their quality of service for closer scrutiny.
After all, what an acceptable quality of service is should be decided by the banks’ customers, who can carry out the most effective penalty for downtime by walking out.
It bears repeating that banks have reaped enormous benefits from shuttling physical branches and moving operations online. They have cut costs by making users outside their VIP “privileged banking” classes use their apps and interact with chatbots.
To a bank, these users with small savings or business accounts may not be important and are perhaps best served without a “high touch” approach. That is, one that doesn’t tie up costly human resources.
On the flip side, the bank is such an important entity to these users. Small businesses have to make regular payments to workers; consumers paying for goods and services at malls now depend on mobile payment after being told to go cashless in the past few years.
With so much depending on the uptime of a bank’s digital services, it is not enough for banks and their government regulator to just carry on with a “best effort” service.
They need to be more transparent about the availability of their services. Ultimately, their customers will decide if that’s good enough.
