Daily Dash: Malaysian Regulator Fines Two Banks For Downtime During Outages

• Malaysian Regulator Fines Two Banks For Downtime During Outages
• Reserve Bank Of India Raises Doubts About Bank Disintermediation Due To CBDC
• Singapore Partners With Major Banks To Study Quantum Security
• Hong Kong Launches Sandbox To Accelerate AI Adoption In Financial Services
• India To Increase UPI Transaction Limit For Tax Payments
• Philippines Lifts Pause On Establishment Of New Digital Banks
• European Commission Opens New Consultations On eIDAS 2
• Russian Central Bank Issues Draft Directive On Money Transfer Security

Malaysian Regulator Fines Two Banks For Downtime During Outages

Bank Negara Malaysia (BNM) has issued fines to Maybank and CIMB, two of the country’s largest banks, due to prolonged outages during service disruptions.

Between June 2023 and May 2024, Maybank’s Regional Mobile Banking Platform (RMBP) and MAE applications experienced multiple instances of unplanned downtime, causing disruptions to banking services.

On April 8-9, 2024, CIMB customers experienced prolonged service disruptions that affected online banking channels, ATMs, debit and credit cards.

Under Malaysia’s Risk Management in Technology (RMiT) regulations, cumulative unplanned downtime that affects user interface must not exceed four hours on a rolling 12-month basis, and the maximum downtime is 120 minutes per incident.

After exceeding these limits, Maybank has been fined RM 4,320,000 ($1m) and CIMB RM760,000 ($171,000).

Reserve Bank Of India Raises Doubts About Bank Disintermediation Due To CBDC

A deputy governor of the Reserve Bank of India (RBI) has warned that the risks of bank disintermediation due to retail central bank digital currencies (CBDCs) are “largely unknown”.

Speaking at an event hosted by the International Association of Deposit Insurers (IADI), Dr Michael Debabrata Patra said that bank deposits could be threatened if consumers come to see retail CBDCs as a “safe haven”.

He said deposit insurers need to be aware of these risks during banking crises when depositors are panicking, especially in cases where uninsured deposits are more likely to be withdrawn and converted to CBDC.

Nonetheless, Patra said that CBDCs are an innovation that merits “special attention” at the RBI, and he reminded listeners that the RBI is currently piloting both wholesale and retail CBDC.

Singapore Partners With Major Banks To Study Quantum Security

The Monetary Authority of Singapore (MAS) has partnered with DBS, HSBC, OCBC and UOB to study the application of Quantum Key Distribution (QKD) in financial services.

QKD can help financial institutions (FIs) protect the exchange of cryptographic keys to address the cybersecurity threats posed by quantum computing.

As noted by the MAS, quantum computing technology has developed rapidly and has demonstrated the potential to break commonly used cryptography and encryption algorithms. 

The MAS and the participating banks will experiment with QKD solutions jointly provided by technology partners SPTel and SpeQtral.

A proof-of-concept sandbox will evaluate the viability, effectiveness and applicability of QKD to financial services.

The partners will also validate the security properties of QKD, by testing its ability to detect eavesdropping attempts and prevent unauthorised access or tampering of QKD transmissions.

Hong Kong Launches Sandbox To Accelerate AI Adoption In Financial Services

The Hong Kong Monetary Authority (HKMA) has partnered with local technology firm Cyberport to launch a Gen AI Sandbox for the financial services sector.

The sandbox aims to produce insights that will inform the HKMA and help to keep its best practice and guidance material on AI up-to-date with the latest technology developments.

Eddie Yue, chief executive of the HKMA, said the Gen AI Sandbox will allow banks to pilot novel Gen AI use cases within a risk-managed framework, supported by essential technical assistance and targeted supervisory feedback.

“Banks are encouraged to make full use of this resource to unlock the power of Gen AI in enhancing effective risk management, anti-fraud efforts and customer experience,” he said.

India To Increase UPI Transaction Limit For Tax Payments

The Reserve Bank of India (RBI) has confirmed that it will increase the limit on UPI transactions that are made for tax purposes.

Last week, RBI governor Shaktikanta Das confirmed that the transaction limit on tax payments via UPI be raised from ₹100,000 to ₹500,000.

Currently, the standard transaction limit on UPI is ₹100,000, although certain types of payment have higher transaction limits.

Das also said the RBI is considering a delegated payments facility on UPI. This would allow a second individual to be linked to a UPI account as a user, without having to link their own bank details to the account.

“This will further deepen the reach and usage of digital payments,” said Das.

Philippines Lifts Pause On Establishment Of New Digital Banks

​The Bangko Sentral ng Pilipinas (BSP) has approved the lifting of a moratorium on the granting of new digital banking licences.

On January 1, 2025, the BSP will resume granting new digital banking licences, and will allow a maximum of ten digital banks to operate in the country.

Since the issuance of the Digital Banking Framework in December 2020, six digital banks have been operating in the Philippines, opening an opportunity for four more to join them.

Eli Remolona Jr., governor of the BSP, said the limit will allow the BSP to monitor developments in the sector and assess the impact of the entry of new players on the banking system.

He added that the granting of new digital bank licences also includes the conversion of an existing bank’s licence to digital bank licence.

European Commission Opens New Consultations On eIDAS 2

The European Commission has opened a selection of public consultations for the Implementing Acts under eIDAS 2, which lays the groundwork for interoperable digital identity solutions in the EU.

Stakeholders are invited to provide feedback on five separate consultations by September 9. The commission plans to adopt the Implementing Acts in the fourth quarter of 2024.

The consultations address key aspects of the European Digital Identity Wallets. One consultation focuses on certification requirements, including when member states need to establish national certification schemes to supplement European cybersecurity standards. 

Another aims to ensure the proper implementation of protocols and interfaces, facilitating smooth data sharing and communication between wallet units.

Additionally, the commission is seeking feedback on rules to ensure wallet interoperability, enabling secure online cross-border identification and electronic signatures.

Another consultation targets lifecycle management of personal identification data and electronic attestations, covering issuance, verification, revocation and suspension to safeguard user data.

Russian Central Bank Issues Draft Directive On Money Transfer Security

The Central Bank of Russia (CBR) has published a draft directive aimed at enhancing information protection protocols in the national payment system. 

Key provisions in the draft include mandatory implementation of top-tier information protection measures by money transfer operators and payment infrastructure service providers.

Additionally, the directive introduces stricter reporting deadlines for incidents and mandates ongoing monitoring and improvement of software and technology used in processing protected information.

Stakeholders are invited to submit their feedback on the draft by August 25, 2024.