As a result of the speed and impact of COVID-19, financial institutions around the world are racing to digitize products, services, and operations even faster than before. But in Asia, the pandemic’s first front, advanced digitization of financial services was already well underway. Our young population expects to be able to do nearly everything from their phones, so our journey from traditional bank to tech company started in 2014 and continues today.
Founded in 1968, DBS is Singapore’s largest bank, and now has operations in six key Asian markets. However, we don’t think like a traditional bank. In fact, our aspiration is to be part of the GANDALF group of companies: Google, Apple, Netflix, DBS, Amazon, LinkedIn, and Facebook. In the last six years, we have undertaken a top to bottom digital transformation, recognized in 2019 by Harvard Business Review as one of the top ten strategic transformations of the decade. Euromoney has also named DBS the world’s top digital bank for two of the last three years.
Digitization is not just about product and service delivery but also an institution’s processes, from customer service to product development. Our strategy has been driven by the question, “what would the CEO of a tech company or startup do?” We have adopted the tech mindset of designing both the customer and employee journeys, focusing on data-driven decision-making, and changing company culture. From a technology point of view, we stay at the cutting edge, using AI and data analytics to implement and manage our digital banking platform, as well as APIs and third-party relationships with fintechs to introduce new innovations quickly. We also experiment with new technologies like blockchain and even quantum computing.
It’s not just a vision. Embracing a digital strategy not only offers an improved customer experience and personalized services at lower costs, and also delivers higher efficiencies for the bank. DBS’ digital customers generate twice as much income, maintain higher loan and deposit balances, and cost up to 57% less to acquire than traditional consumers who visit a physical branch. Digital customers also consume 16 times more self-service transactions and clock a 27% return on equity, in contrast to 19% for traditional customers.
Unencumbered by the legacy systems of most banks, we are agile, and both our systems and processes are easy to update quickly. For example, with the advent of COVID-19, we were able to accelerate our contact-free banking efforts, enable new work-from-home processes to allow certain previously restricted functions to be done remotely (with added security measures), and even work with startups to enable restaurants to be able to move to online delivery and payments.
Our digital-first structure also allows us to quickly penetrate new markets, such as India and Indonesia, where setting up physical branches and infrastructure is expensive and time-consuming, not to mention challenging from a regulatory standpoint.
Of course, with expanding digital products and services comes a larger attack surface. New technologies are enabling us but also enabling cyber adversaries. For example, facial recognition technologies are in wide use around Asia. We use it in certain contexts, such as utilizing India’s official facial database as authentication for certain low risk transactions. But because of the proliferation of deepfakes, we recognize that facial recognition may have limitations as an authentication strategy – so with higher value and therefore riskier transactions, we implement more layers of authentication.
DBS is extremely risk conscious, and cybersecurity is top of mind for senior management, which translates to it being embedded into the design of all products. Like most of our peers, we are constantly looking at the risk vs. usability trade-off. We have implemented multi-layered defences based on the predict, deter, prevent, detect and response framework. We keep abreast of techniques and threats as they evolve in order to develop the appropriate countermeasures. We also hack ourselves, conducting periodic phishing and social engineering exercises to translate theoretical knowledge into day-to-day application for our employees. Our strategy is summed up as:
Since cyber threats know no borders, we are also plugged into the international network on cybersecurity. We are a member of FS-ISAC, and regularly conduct studies around the world to understand new risks and explore new techniques in defence. We strongly believe that open communication and sharing is key in cybersecurity. We also work with law enforcement to actively catch cyber criminals and ensure they can’t hide behind the many layers of digital anonymity they try to construct.
Cybersecurity has become one of the top priorities of regulators in Asia Pacific. MAS in Singapore and HKMA in Hong Kong have established comprehensive governance and guidelines for the industry. Within DBS, our cybersecurity governance framework applies to the entire group. It contains a whole set of management tools, a comprehensive risk management approach, and, importantly, a security awareness program covering everyone in the organization. At the same time, we have dedicated cybersecurity officers in each country and make sure that risks and regulatory requirements specifically for that country are well assessed, evaluated and managed. Digitization helps us take a unified approach to both compliance and risk, whether we are operating in the stricter regulatory regimes of Hong Kong and Singapore or pushing new opportunities in India and Indonesia.
Even before COVID-19, there was no choice when it came to digitization of financial services in Asia. China was the leader, with Alipay and Tencent bypassing credit cards completely in favour of digital wallets. Now they offer everything from loans to investments to insurance. Digital banking licenses are being issued in Hong Kong, Singapore, and South Korea. The Japanese e-commerce group Rakuten has expanded into credit cards, digital banking, investments, and insurance.
Newer fintech companies are also entering the market and quickly getting up to speed, understanding that customer trust is paramount. What might have been an advantage for banks in terms of a legacy of robust security and data protection is quickly giving way because the new players know they need that trust to be successful. We know this is true since we are seeing the fintechs poach cybersecurity professionals from the banking sector. Since we as banks need to be innovative and easy to use like the fintechs are, we are all meeting in the middle, which creates an ultracompetitive playing field. We had to disrupt ourselves, or we would have been disrupted.
Digitization of financial services in Asia is well ahead of much of the world, thanks to a young, digitally savvy population who expect to be able to access most services from their smartphone. While an established bank, DBS has undertaken one of the world’s leading digital transformation efforts, and now considers itself more a tech company than a traditional bank. In order to stay ahead in an ultra-competitive and innovative landscape, strong cybersecurity controls on digital platforms enable DBS to quickly expand across the region and into new markets while maintaining customer trust and regulatory confidence.
© 2020 FS-ISAC, Inc. All rights reserved.
In his current role, Seng Wei Keng is responsible for establishing and driving the enterprise strategy and program to ensure information assets and technologies are adequately protected and resilient. This includes driving...Read More
the adoption of innovative cybersecurity technologies for the bank. Under his leadership, DBS was the pioneer bank in introducing the digital soft token for two-factor authentication with the ‘money safe’ guarantee for digital banking, the first bank to obtain the Singapore’s Data Protection Trustmark (DPTM) certification and recognized as the winner of the Cybersecurity Awards 2019 by Association of Information Security Professionals. He is a cybersecurity practitioner and active member in various information security communities including the Expert Group of the Singapore government’s Public Sector Data Security Review Committee in 2019, the Association of Banks in Singapore’s Cyber Security Standing Committee, the cybersecurity working group of Infocomm Media Development Authority’s (IMDA) Services & Digital Economy technology roadmap, and Enterprise Singapore’s Coordinating Committee for Cybersecurity. Prior to this, Seng Wei was DBS’ Head of Infrastructure Management & Information Security Services. In this role, he led a team of professionals who provided core technology infrastructure availability and security services across the group. Seng Wei has over 20 years of experience in banking information technology, covering architecture design, engineering, cybersecurity and technology risk. He holds a Bachelor of Engineering Degree (First Class Honours) in Electrical & Electronics Engineering from the University of Manchester (UMIST).