View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Analysis
December 16, 2013updated 05 Jun 2017 11:21am

Exclusive: Fraud hits Singapore’s private banking industry

A slew of fraud cases has exposed Singapore to some negative press, raising concern for wealth managers and regulators alike on the effect on the credibility of the city-state as a secure wealth centre. PBI's Sruti Rao investigates.

By Sruti Rao

A slew of fraud cases has exposed Singapore to some negative press, raising concern for wealth managers and regulators alike on the effect on the credibility of the city-state as a secure wealth centre. PBI’s Sruti Rao investigates.

Singapore has developed a name for itself as a stable, secure and opportunistic wealth centre of Asia. The strength of the industry not only lies in the established operations of reputed players in the market, but is also grounded on the confidence HNW clients have on the sound practices of the regulators and the private banks of the market.

In recent months, several incidents of fraud and data breaches has raised eyebrows on the market and its exposure to systemic vulnerability.

Last month, PBI exclusively reported one of the most significant fraud cases in the region, of a Credit Suisse advisor siphoning out $13m from a client’s account, over a period of 6 years.

This month, Standard Chartered faced a significant debacle in their data security with 647 private banking client statements leaked to a hacker through a third party printer server at Fuji Xerox. Although the bank reassured in a media statement that "it has not found any unauthorised transactions resulting from the incident", there has nonetheless been inevitable reputational damage caused from this error.

Such fraud cases have risen in numbers over the last few years globally, and certainly isn’t new to Singapore. OCBC faced a similar case in 2011, whereby a relationship manager accessed the accounts of three customers to siphon out $4.8 million over the course of three years.

The effect of these cases on the bank in question is naturally detrimental, to their reputation and credibility in the market. Industry experts highlight the trend of fraud or investigatory units being set up in bigger banks, to possibly catalyse as a result of such incidents.


Effect on regulation

From the regulatory standpoint, the vulnerability of client data that is brought to light as a result of these events will compel the reputed Monetary Authority of Singapore to reassess their industry guidelines to ensure there are no gaps in the security foundation for banks.

Nizam Ismail, a partner at global law firm Taylor Wessing, RHTLaw, is of the expert view that the regulator will naturally scrutinize current measures to prevent systemic risk. As a result of the fraud measures, Ismail said: "Immediately, MAS will expect banks to perform remediation measures to identify reasons for any breaches, and how to prevent or mitigate the recurrence of such breaches going forward. It is possible that the regulators may look at whether there are broader, systemic issues that may require regulatory changes."

In a public statement made by the MAS in response to Standard Chartered’s data breach, the regulator reiterated their stern stance on the security of banks’ IT systems and client data confidentiality, highlighting the importance of external audits and effective controls. MAS said: "Globally, financial institutions (FIs) have been facing an increasing number and variety of cyber threats. The recent theft at SCB is an isolated case, but underscores the need for heightened vigilance in FIs, including close management of risks pertaining to service providers."


Reputational impact for Singapore

Given the established prominence of Singapore as a core wealth management centre in Asia, the industry is of consensus that the long term reputation of Singapore as a safe, secure and promising market remains unchanged. The resilience of this impression stems from the longstanding regulatory soundness, efficient and established businesses in the city-state that has won the trust and attention of HNWIs who engage with the market.

As Ismail elaborated, in a broader perspective, the inevitability of rare fraud events in such key financial centres, will do little to taint the reputation of the wealth centre in the long run. Ismail said: "Issues such as fraud and any issue of client confidentiality could potentially dent Singapore’s reputation as a wealth hub in Asia. Given the breadth and complexity of Singapore’s private banking business, the harsh reality is that we cannot totally eliminate fraud, despite its comprehensive and robust regulatory framework."

"What we have seen so far is that these incidents are sporadic, and not systemic. Overall, Singapore’s standing and reputation as robustly regulated international financial centre should remain intact. We can expect MAS and the affected banks to work towards addressing the reasons for the breaches, and to mitigate the risk of such incidents," he added.


Reassessing banks’ internal processes

Differing approaches of operational and process management by core banks in the region are brought to light to a larger extent as a result of Standard Chartered’s evident exposure to fraud with their current outsourcing system.

In contrast to SCB’s operations system, UBS and Bank of Singapore made statements in the local media that there is no transfer of their data to any external third party vendor, in their printing or any back-room operations.

A UBS spokesperson shared with PBI: "All our client statement printing is done in-house within the bank’s premises in Singapore. All data remains within UBS infrastructure at all times. At no point in the production process is data transferred externally to a third party vendor. We have in place clear policies, stringent monitoring system and access controls to ensure data security throughout the lifecycle of the information we handle – from creation and classification, to handling and processing, to dispatch and transport, to storage and finally, to destruction of information."

Reputational risk of such fraud cases should propel the industry to hone in on their services and processes with more concerned focus. Ismail said: "Banks typically take incidents of fraud and breaches involving client information very seriously, as their business is built on reputation. We can expect banks to thoroughly review their process to understand how these breaches occur, and set out remediation measures. Policies, processes and governance framework are likely to be relooked."

With regards to the regulatory changes that may arise on managing third parties, Ismail reflects that the framework in place to handle third party risk is already relatively detailed in its approval and execution process. Nonetheless, further inspection and scope for development may be considered. "MAS already has one of the more stringent outsourcing regimes. It has tightened technology risk guidelines, and made more stringent requirements for any outsourcing involving client information. However, this can only mitigate, but not totally eliminate any risk of theft of data," said Ismail.

He added: "It is likely that there would be greater regulatory expectations and thematic inspections done by MAS on the scope of outsourcing (service-level agreements), the IT security processes, and procedures for banks to work with service providers."


Maintain trust in the market

Trust is a paramount component of the long-term relationship of clients with the bank. Fraud cases are common globally and exclusive cases in Singapore are few and far between. In a broad perspective, the effect of these fraud cases on the perception of Singapore as a core centre for wealth management that has developed over the years will not change to a large degree. Nonetheless, the market is reacting with increased diligence to prevent any reputational impact on the core banks and the market system.



NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. A weekly roundup of the latest news and analysis, sent every Wednesday. The industry's most comprehensive news and information delivered every month.
I consent to GlobalData UK Limited collecting my details provided via this form in accordance with the Privacy Policy


Thank you for subscribing to Private Banker International