As a result of the speed and impact of COVID-19, financial institutions around the world are racing to digitize products, services, and operations even faster than before. But in Asia, the pandemic’s first front, advanced digitization of financial services was already well underway. Our young population expects to be able to do nearly everything from their phones, so our journey from traditional bank to tech company started in 2014 and continues today. 

Becoming the D in Gandalf

Founded in 1968, DBS is Singapore’s largest bank, and now has operations in six key Asian markets. However, we don’t think like a traditional bank. In fact, our aspiration is to be part of the GANDALF group of companies: Google, Apple, Netflix, DBS, Amazon, LinkedIn, and Facebook. In the last six years, we have undertaken a top to bottom digital transformation, recognized in 2019 by Harvard Business Review as one of the top ten strategic transformations of the decadeEuromoney has also named DBS the world’s top digital bank for two of the last three years.  

Digitization is not just about product and service delivery but also an institution’s processes, from customer service to product development. Our strategy has been driven by the question, “what would the CEO of tech company or startup do?” We have adopted the tech mindset of designing both the customer and employee journeysfocusing on data-driven decision-making, and changing company culture. From a technology point of view, we stay at the cutting edge, using AI and data analytics to implement and manage our digital banking platform, as well as APIs and third-party relationships with fintechs to introduce new innovations quickly.We also experiment with new technologies like blockchain and even quantum computing. 

It’s not just a visionEmbracing a digital strategy not only offers an improved customer experience and personalized services at lower costsand also delivers higher efficiencies for the bank. DBS’ digital customers generate twice as much income, maintain higher loan and deposit balances, and cost up to 57% less to acquire than traditional consumers who visit a physical branch. Digital customers also consume 16 times more self-service transactions and clock a 27% return on equity, in contrast to 19% for traditional customers. 

Move Fast, and Then Faster

Unencumbered by the legacy systems of most bankswe aragile, and both our systems and processes are easy to update quicklyFor example, with the advent of COVID-19, we were able to accelerate our contact-free banking efforts, enable new work-from-home processes to allow certain previously restricted functions to be done remotely (with added security measures)and even work with startups to enable restaurants to be able to move to online delivery and payments 

Our digital-first structure also allows us to quickly penetrate new markets, such as India and Indonesia, where setting up physical branches and infrastructure is expensive and time-consuming, not to mention challenging from a regulatory standpoint.  

The Constant Calculus 

Of course, with expanding digital products and services comes a larger attack surface. New technologies are enabling us but also enabling cyber adversaries. For example, facial recognition technologies are in wide use around Asia. Wuse it in certain contexts, such as utilizing India’s official facial database as authentication for certain low risk transactions. But because of the proliferation of deepfakes, we recognize that facial recognition may have limitations as an authentication strategy – so with higher value and therefore riskier transactions, we implement more layers of authentication.  

DBS is extremely risk conscious, and cybersecurity is top of mind for senior management, which translates to it being embedded into the design of all productsLike most of our peers, we are constantly looking at the risk vs. usability trade-off. We have implemented multi-layered defences based on the predict, deter, prevent, detect and response framework. We keep abreast of techniques and threats as they evolve in order to develop the appropriate countermeasures. We also hack ourselves, conducting periodic phishing and social engineering exercises to translate theoretical knowledge into day-to-day application for our employees. Our strategy is summed up as:  

  • Visibility through active monitoring to watch for anomalies in networks, systems and data access. This helps to detect any potential incidents as early as possible.
  • Deep defence with multi-layered security controls. If one layer of technology is compromised, there will be other layers to mitigate the risk.
  • Use of new technologies such as browser isolation to reduce the need to respond to threats and automation of processes such as if threat intelligence detects password exposure, it automatically notifies the user to change their password.
  • Helping our users stay vigilant and educating them not to click on suspicious links and attachments.

Since cyber threats know no borders, we are also plugged into the international network on cybersecurity. We are a member of FS-ISAC, and regularly conduct studies around the world to understand new risks and explore new techniques in defence. We strongly believe that open communication and sharing is key in cybersecurity. We also work with law enforcement to actively catch cyber criminals and ensure they can’t hide behind the many layers of digital anonymity they try to construct 

Cybersecurity has become one of the top priorities of regulators in Asia Pacific. MAS in Singapore and HKMA in Hong Kong have established comprehensive governance and guidelines for the industry.  Within DBS, our cybersecurity governance framework applies to the entire group.  It contains a whole set of management tools, a comprehensive risk management approach, and, importantly, a security awareness program covering everyone in the organization.  At the same time, we have dedicated cybersecurity officers in each country and make sure that risks and regulatory requirements specifically for that country are well assessed, evaluated and managed. Digitization helps us take a unified approach to both compliance and risk, whether we are operating in the stricter regulatory regimes of Hong Kong and Singapore or pushing new opportunities in India and Indonesia. 

Asia: Digitize or Die

Even before COVID-19, there was no choice when it came to digitization of financial services in Asia. China was the leader, with Alipay and Tencent bypassing credit cards completely in favour of digital wallets. Now they offer everything from loans to investments to insurance. Digital banking licenses are being issued in Hong Kong, Singapore, and South Korea. The Japanese e-commerce group Rakuten has expanded into credit cards, digital banking, investments, and insurance.   

Newer fintech companies are also entering the market and quickly getting up to speed, understanding that customer trust is paramountWhat might have been an advantage for banks in terms of a legacy of robust security and data protection is quickly giving way because the new players know they need that trust to be successful. We know this is true since we are seeing the fintechs poach cybersecurity professionals from the banking sector. Since we as banks need to be innovative and easy to use like the fintechs are, we are all meeting in the middle, which creates an ultracompetitive playing field. We had to disrupt ourselves, or we would have been disrupted.  

The Insight

Digitization of financial services in Asia is well ahead of much of the world, thanks to a young, digitally savvy population who expect to be able to access most services from their smartphone. While an established bank, DBS has undertaken one of the world’s leading digital transformation efforts, and now considers itself more a tech company than a traditional bank. In order to stay ahead in an ultra-competitive and innovative landscape, strong cybersecurity controls on digital platforms enable DBS to quickly expand across the region and into new markets while maintaining customer trust and regulatory confidence.

June 2020

© 2020 FS-ISAC, Inc. All rights reserved.

Ransomware-Sidebar
Ransomware_Graphic_1200x627px (1)

With its attractive business model and multiple revenue streams, ransomware is a growing threat to financial services and their third party suppliers. While there are many steps you can take to prevent attacks, threat actors are evolving their tactics all the time. If attacked, will you pay the ransom?

View Report

FS-ISAC members around the world receive trusted and timely expert information that increases sector-wide knowledge of cybersecurity threats.

Learn More