Over the coming years, Singapore is poised to witness significant transformations in digital financial services, particularly in three key domains: the emergence of Web 3 and decentralised finance, the widespread integration of artificial intelligence (AI) and the implementation of machine learning (ML) technology.
Prioritising strong governance and compliance should be at the top of the Banking, Financial Services, and Insurance (BFSI) sector’s list of objectives. Adherence to regulations, following rules and taking responsibility can greatly enhance services, ensure safety, and enhance the client experience.
Employing a centralised data protection solution enables consumers to track and verify if and how their data is being protected data across various workloads. When clients have the ability to do so, they can be confident that their data is being adequately safeguarded. Moreover, this can ensure that recovery time objectives and IT audit compliances are met.
Combatting threats such as malware and ransomware, along with ensuring overall cybersecurity, requires a strategic approach across multiple levels. This includes actively monitoring for potential issues and regularly backing up data. Storing immutable copies of data in a secure location can prevent malware from encrypting them.
In addition, data intended for recovery should undergo scanning and cleaning by the organisation’s anti-virus solution to ensure that any potentially harmful data, also known as “dirty” data, is not inadvertently reintroduced into production systems.
Ensuring seamless operations while mitigating the risks of ransomware and other cyber-attacks can be challenging. However, modern data protection solutions have demonstrated their ability to reduce costs, enhance automation, enhance human capabilities and identify innovative ways to reuse data to generate new value.
The OpenGov Breakfast Insight on 22 March 2023 held at the Voco Orchard Singapore aimed to share insights and practical solutions to empower organisations to maximise data capability through cost-effective, secure and automated data-driven processes that adhere with current data regulations and comply with the standards of Singapore’s Banking, Financial Services and Insurance industry.
Opening Remarks
Kicking off the session, Mohit Sagar, CEO & Editor-in-Chief, explains that financial data management is a set of processes and policies, usually helped by specialised software. This approach enables an organisation to merge its financial data, adhere to accounting regulations and legal requirements, and generate comprehensive financial reports.
The regulatory body responsible for overseeing Singapore’s financial institutions and establishing guidelines for data management and protection is the Monetary Authority of Singapore (MAS). According to its regulations, financial institutions are required to implement robust policies and procedures for managing data, including appropriate classification, handling and protection.
“Financial institutions must ensure that adequate security measures are in place to mitigate the risks of data breaches and cyber threats. This could include implementing strong encryption protocols, regularly testing systems for vulnerabilities, maintaining up-to-date software and hardware and training on cybersecurity best practices,” Mohit emphasises.
The Personal Data Protection Commission (PDPC) serves as the data protection authority in Singapore, responsible for enforcing compliance with the Personal Data Protection Act (PDPA). The Act sets a baseline level of data protection that must be followed by all sectors operating in Singapore.
Additionally, the PDPA also mandates that organisations obtain individuals’ consent before collecting, using, or sharing their personal information. The PDPC is empowered to investigate any breaches of the PDPA and impose penalties for non-compliance.
Data recovery refers to the process of getting lost, deleted, corrupted or inaccessible data back from storage media like hard disk drives, solid-state drives, USB drives, or other types of data storage devices. Several companies in Singapore offer data recovery services that specialise in getting data back from different types of storage media used by financial institutions.
“It’s important to remember that data recovery services can be expensive, and it’s always best to have a full data backup and disaster recovery plan in place to minimise the risk of losing data,” is Mohit’s caveat. “Establishing a robust backup and recovery system can help avoid the need for expensive data recovery services and ensure business continuity in the event of a data loss incident.”
The protection of sensitive financial data from unauthorised access, theft and cyberattacks is a top priority for Singapore’s financial institutions. To achieve this, they employ a range of security measures, including encryption, access controls, firewalls, regular updates and patches, employee training and awareness programs, penetration testing, and incident response planning.
These safeguards work together to create a comprehensive data security framework that helps to prevent data breaches and protect the integrity and confidentiality of financial data.
“Under the PDPA, financial institutions must obtain the consent of individuals before collecting, using, or disclosing their personal information,” Mohit reiterates. “But while this is the norm, there are exceptions to this rule.”
Concessions are allowed under certain circumstances, such as legal obligations or the prevention of criminal activity. As an example, financial institutions may disclose personal information to law enforcement agencies to comply with legal requirements or to prevent potential criminal activity.
Mohit understands that risk mitigation is a crucial component of risk management in Singapore’s financial sector, and financial institutions employ a range of strategies and tools to identify, evaluate and reduce the risks they face.
Diversification, risk transfer, risk avoidance, risk monitoring and reporting, contingency planning, and strong governance and compliance frameworks are examples of risk mitigation strategies utilised by financial institutions in Singapore.
Financial institutions consider the development of a data exit strategy and recovery plan as an essential part of their risk management. The process involves identifying crucial data, anticipating exit scenarios, creating a recovery plan, establishing data backup procedures, testing the recovery plan, and maintaining the plan by updating, reviewing, and monitoring it regularly.
“By adhering to these steps, financial institutions can establish a robust data exit strategy and recovery plan that ensures the protection and recovery of vital data in the event of a data breach or system failure,” Mohit ends.
Welcome Address
According to Raymond Goh, Veeam’s Vice President of Sales Engineering for APJ, the banking, financial services and insurance (BFSI) industry has experienced significant changes over time and has had to contend with various challenges such as regulatory compliance, cybersecurity threats, and the need to innovate to stay competitive.
The pandemic has accelerated the industry’s digital transformation, resulting in a greater demand for digital banking services. However, it has also introduced new challenges, such as physical branch disruptions and an increased risk of cyberattacks.
“Despite the challenges, the industry can provide value to its customers by leveraging new technologies and innovative strategies.” Raymond is convinced “To effectively manage risks, BFSI institutions must continue to invest in digital infrastructure, cybersecurity measures, and advanced analytics.”
The FSI journey from 1866 to the present has been remarkable; from brick-and-mortar establishments to the current digitised systems, payment apps, digital wallets, contactless payments, crowdfunding platforms, and many others.
Financial systems can be affected by various disruptions, including funding and liquidity issues, asset price declines, contagion effects and heightened credit risk. The impact of a crisis on the financial sector is largely determined by the sector’s ability to mitigate four risks: market risks, liquidity risks, credit risks, and earnings risks.
“The rise of FinTech and non-bank startups are altering the competitive landscape in financial services, forcing traditional institutions to reconsider their business practices,” Raymond reiterates. “Old school processes and legacy systems are no longer relevant in the digital world, and indeed, can be a hindrance.”
Financial institutions must foster an innovative culture that promotes innovation and utilises technology to streamline existing processes and procedures for optimal efficiency. This cultural shift towards a technology-centric mindset mirrors the broader industry acceptance of digital transformation.
Raymond recognises that today’s consumers are more knowledgeable, sophisticated and informed than ever, and they demand a high degree of customisation, personalisation and convenience from their banking services.
It is predicted that future generations, starting with Generation Z, will have an even greater preference for omnichannel banking and be more technologically savvy than Millennials.
Organisations using obsolete business management software or siloed systems will be unable to compete in this increasingly digital-first environment. Without a solid, futuristic technological foundation, businesses will miss out on crucial business evolution.
“In other words, digital transformation is no longer merely a good idea, but a necessity for survival,” Raymond states.
Financial service organisations that use cutting-edge business technology, particularly cloud applications, have a significant advantage in the digital transformation race as they can innovate more quickly. The agility and scalability of cloud technology are its strengths. Without the constraints of system hardware, cloud technology allows systems to evolve in tandem with the business.
Raymond agrees that banking is being reshaped as regulations tighten and consumers adopt new technologies and demand 24/7 access to their most sensitive data, regardless of device.
As a result of a string of high-profile breaches in recent years, security is one of the leading challenges facing the banking industry and a major concern for bank and credit union customers. Financial institutions must invest in the most advanced technologically driven security measures, such as Authentication, End-to-End Encryption (E2EE) and Address Verification Services (AVS), to protect customers.
Financial services are increasingly confronted with issues related to auditing as the frequency of data breaches and privacy concerns continue to increase. This has led to more stringent regulatory and compliance requirements.
Compliance with financial data protection standards is subject to strict regulations and audits entail some of the most rigorous requirements in modern business, often involving the need to manage highly complex IT infrastructures.
Adhering to and conducting annual disaster recovery (DR) testing regularly can be both expensive and resource-intensive.
From a financial standpoint, any amount of downtime is unacceptable, and banks may face significant penalties for revealing confidential information. The centralisation of remote or branch offices (ROBO) can exhaust an organisation’s resources and bandwidth.
Businesses around the world were heavily impacted by the pandemic, causing considerable disruption and presenting numerous challenges. These challenges demand innovation, the necessity for enhanced employee engagement, rapid market changes and quality improvement.
In this scenario, FinTech and its underpinning technology will be major disruptors. Blockchain will shake things up; digital will become mainstream; customer intelligence will be the most significant predictor of revenue growth and profitability; the public cloud will become the dominant infrastructure model; and regulators will also turn to technology.
The common theme among these is resilience, trust and data agility.
Over the last two years, the Financial Services Industry has placed significant importance on specific issues. Some key initiatives are modernising the IT operating model to adapt to the new normal, simplifying legacy systems to decrease costs, enhancing the technological capabilities to better understand customer requirements, preparing the architecture to facilitate connections with any device or location and prioritising cybersecurity measures.
FSI organisations face distinct challenges due to their strong customer relationships, financial accountability and regulatory oversight. These challenges include effectively managing regulatory and capital costs, improving operations and customer experiences to meet modern standards, safeguarding against cyber threats and ransomware attacks and ensuring data and privacy security.
According to Raymond, Veeam plays a major role in addressing all these areas and can offer unique solutions to the various opportunities and challenges that FSI organisations may encounter. Veeam’s solutions encompass streamlining and automating operations, facilitating cloud migration and modern application development, ensuring data immutability, and effectively managing privacy, risk, and compliance.
“By embracing digital transformation, utilising big data analytics, forming strategic partnerships, having strong compliance and cybersecurity frameworks and investing in talent development programmes, FSI organisations can take advantage of opportunities and address challenges,” Raymond believes.
End-user Insight
Luis C Cruz, Executive Director, Head of Automation, Infrastructure for DBS Big Data, AI and Analytics, DBS Bank Ltd is convinced that by aligning IT initiatives with the company’s overall business objectives, a comprehensive IT strategy can help businesses deliver long-term shareholder value.
“This strategy entails identifying the company’s current and future technology requirements, evaluating potential technology solutions, and developing a plan for implementing those solutions,” Luis explains.
By doing so, the company can ensure that its IT investments support business growth and profitability while reducing costs and boosting efficiency. In addition, a comprehensive IT strategy can help the business gain a competitive advantage by leveraging emerging technologies and optimising the IT infrastructure.
A comprehensive IT strategy can generate long-term shareholder value by enabling organisations to make informed decisions about technology investments and leverage technology to achieve business goals.
A robust IT strategy:
- Aligns with organisation goals and governance
- Adapts to the marketplace and changes how our employees work
- Is focused and consistent
- Honestly identify challenges
- Would be authentic, clear and understood
- Is memorable with a compelling tagline and value proposition
- Has to be actionable towards a goal
- Shows where to play and how to win
Providing foundational infrastructure capabilities that support business objectives and delivering applications and solutions to aid employees in achieving their desired business outcomes are examples of company strategies that are enabled by IT.
“The concept of SMAC or Social, Mobile, Analytics and Cloud stack, is an example of a technology strategy that is widely used throughout the industry and by IT leaders,” Luis reveals. “It all comes down to the customer experience.”
Determining the optimal approach, timing and speed (the how, when and pace) of SMAC implementation is crucial as it forms the basis for leveraging big data in corporations. As IT leaders, Luis anticipates the need to stay up-to-date on SMAC trends and implications relevant to their roles. A perfect example of a company that effectively leverages SMAC-stack infrastructure is an online streaming service provider website.
To generate sustainable shareholder value, businesses must cultivate strategic and functional IT competencies, enhance tools that improve the IT function and promote a customer-centric culture. These efforts will fortify the organisation’s internal processes and enable the development of an efficient decision support system, as well as the delivery of transformational applications.
In addition to benefiting the company, these efforts will also benefit customers by enabling enterprises to provide consistent, high-quality IT services and innovative IT solutions to business units. This will allow organisations to optimise IT efficiency and enhance its impact on enterprise outcomes, ultimately driving long-term investor value.
“IT strategy is influenced by several internal and external factors,” ends Luis. “And understanding these is critical for developing a successful IT strategy that aligns with the organisation’s overall goals and objectives.”
Closing Remarks
Raymond acknowledges the significance of data backup as a critical aspect of maintaining data resilience and availability but emphasises that it is only one aspect of a comprehensive strategy.
Data backup is a single component of ensuring data availability and resilience in hybrid cloud environments. In addition to backup solutions, it’s essential to consider other factors that can affect data resiliency and availability, such as infrastructure and data proximity, Raymond opines.
“Data proximity, the physical location of data in relation to its applications, is a crucial factor to consider when designing hybrid cloud environments. These factors must be taken into account to ensure that hybrid cloud environments are designed optimally to meet the needs of applications and data requirements.”
By adopting solutions such as edge computing or hybrid cloud architectures, organisations can ensure data proximity. These solutions enable data to be stored and processed closer to where it is required, which can improve application performance and ensure data resiliency and availability.
This involves ensuring that there are adequate computing, storage, and networking resources available to support the workload, as well as having a highly available and resilient infrastructure to mitigate the risk of outages.
“Veeam provides data resiliency through secure backup and fast, dependable recovery solutions for the hybrid cloud of the organisation,” Raymond explains. “Our solutions are intended to safeguard critical data and applications, prevent data loss and enable rapid and dependable recovery in the event of a disaster or outage.”
Veeam offers solutions designed to help organisations achieve their business continuity and disaster recovery goals by ensuring data resiliency and availability in their hybrid cloud environments.
Mohit concurs that with the increasing volume of data being produced and stored every day, data protection has become increasingly crucial. Businesses are adopting techniques that allow for data restoration in the event of loss or corruption.
“As organisations continue to produce and store more data, it is becoming increasingly difficult to ensure the security and protection of that data,” Mohit observes.
In this VUCA landscape, technology can provide significant benefits to organisations in protecting their data. Implementing technological solutions helps businesses to secure their data from loss, theft and unauthorised access. It also ensures quick data restoration in emergency or outage situations.
“In essence, the purpose of technology partnerships is to assist businesses in implementing and improving their technical systems,” Mohit believes. “There is no doubt: collaboration in technology promotes growth, eases processes and reduces timelines.”
Two heads are better than one when it comes to implementing established technology systems. But while a technology partnership can effectively deliver technical expertise, it is important not to underestimate the value business acumen offers in return.
“Ultimately, collaborating and pooling resources can prove to be a highly effective approach in propelling both parties towards progress and innovative solutions,” Mohit concludes.