DBS Group Holdings Ltd
Annual Report 2023
Asset quality remained healthy. With an evolving environment due to geopolitical tensions, we stayed vigilant to the potential impact on our portfolio. We continued to focus on delivering on our Technology Risk Management Uplift Programme to strengthen technology resiliency.
Listen to this chapter
0:00 / 0:00
In 2023, most central banks continued to keep interest rates elevated as inflationary pressures persisted, raising risks of recession, refinancing challenges, and real estate price correction. Continued rate hikes and potential impasses in the United States debt ceiling exacerbated already volatile markets.
Notwithstanding these headwinds, DBS’ overall credit quality remained benign, with low non-performing loans rate at 1.1% and specific allowances at SGD 512 million. We stayed vigilant with portfolio reviews and stress tests on both the loan book and traded portfolio. Large corporates were assessed to be generally resilient due to their strong financial position and ability to pass on higher costs. While the SME corporates were assessed to be the most vulnerable, our SME portfolio had been stress-tested comprehensively in previous years and was mostly on a secured basis with acceptable financing quantum.
Unsecured consumer credit loans which comprised less than 2% of our portfolio, saw an uptick in delinquency, which we mitigated by proactively intensifying collection actions. Residential mortgages, which were primarily in Singapore and Hong Kong, were mainly for owner-occupation and well-secured with low loan-to-value ratios. Regular and ad-hoc stress tests were also conducted during the year to evaluate the potential impact of adverse market prices on our traded portfolios.
Overall, our portfolios were assessed to be resilient with the relevant risk mitigation strategies in place. DBS will continue to monitor the potential downstream effects.
With the failure of several US regional banks and Credit Suisse in early 2023, the year also saw one of the most significant system-wide banking stress periods since the 2008 global financial crisis. These stresses underscored the speed and scale of outflows through digital channels and how these could significantly contribute to liquidity stress.
Whilst our liquidity profile remained healthy and well-diversified, we took the learnings from these events to heart, and critically evaluated our access to funding during periods of stress. Various initiatives were undertaken to strengthen our liquidity channels to ensure swift access to alternative liquidity sources when warranted. We also continued to engage our customers and deployed strategies to maintain our deposit base in a high interest rate environment.
Furthermore, we reviewed our credit exposure to banks for potential similar balance sheet and liquidity issues, and our portfolio was generally assessed to be stable as our exposure was primarily to strong global systemically important banks.
2023 saw elevated macroeconomic and geopolitical risks in the region, underscored by uncertainties over China’s economic recovery, risks to its real estate sector and escalating US-China tensions.
Despite the challenges posed by China’s weak consumer confidence and spending, and export weakness on the back of soft global demand, our portfolio remained resilient as our corporate exposure was mainly to top industry players, and consumer exposure was limited. While the real estate sector continued to face headwinds, our Chinese real estate exposures were mainly to larger and investment-grade names, with the remaining exposure generally well-secured. As contagion risks from the real estate market stayed elevated, we remained cautious and closely monitored our exposures.
We observed the imposition of restrictions by US and its allies which tightened China’s access to advanced semiconductors and chipmaking gear. While there was no immediate impact to our portfolio, we continued to closely monitor the situation as it evolved.
As we continued to expand our presence in North Asia, our risk strategies were multipronged, including assessing our readiness in the event of tail risk scenarios such as business restrictions due to potential sanctions. Notwithstanding these, our focus continued to be on the longer-term opportunities in China, including risk strategies to support companies looking to diversify their supply chains and operations with a “China plus one” strategy.
After the digital disruption in March, the Board convened a Special Board Committee (SBC) to oversee a full review of the disruption and engaged two independent experts to support them. It also appointed an independent third party, Accenture, to carry out a root cause investigation of this incident and a subsequent one in May. The appointed party conducted a comprehensive review of the bank's digital banking services, including our control processes and technology stack. The findings of the review - completed in August - were also corroborated against subsequent disruptions.
Through the enhanced oversight, we believe that we have identified the key gaps and deficiencies, which are mainly in the areas of technology risk governance and oversight, incident management, system resilience and change management. To address these gaps and deficiencies, a comprehensive technology roadmap led by the CEO has been put in place to improve resiliency.
The Board Risk Management Committee (BRMC) established the BRMC Technology Risk Committee (BTRC) for dedicated oversight of technology risk. The BTRC oversees the implementation of the remedial measures that would be carried out to address the findings of the Accenture review and the completion of the technology roadmap.
To enhance independent checks and balances, we transferred the Technology Risk Management team to the Risk Management Group. Since then, a new Group Head of Technology Risk was onboarded and the team’s bench strength expanded with specialised expertise. We strengthened our Site Reliability Engineering with new leadership and also created a new Quality Assurance function to provide an additional independent layer of verification, controls and checks over the bank’s change management process. A new Group Technology Risk Committee (GTRC) was constituted to enhance the oversight and management of technology risk by senior management.
Relating to incident management, we established clearer ownership and management of incidents within the bank, as well as between the bank and its service providers and vendors. We also embarked on proactive problem management through the active review of early warning indicators, identification of other possibly affected areas, and taking preventive actions.
To this end, a six-month pause on nonessential IT activities was instituted at DBS to focus on improving technology resiliency.
Read more about “Driving the resiliency and reliability of our technology” in the CIO statement.
The money laundering and sanctions threat landscape continued to evolve. Our investments in developing, deploying and operationalising new tools based on data analytics and artificial intelligence/ machine learning (AI/ ML) proved to be effective. In many cases, the tools demonstrated two to four times better detection than historical controls with greater efficiency of 10-30%. These capabilities were particularly effective at detecting and interdicting money laundering and sanctions evasion networks of shell companies. Notwithstanding this, criminals would likely alter their methods and we would need to devote efforts to preventing exploitation of citizenships in the consumer bank, as well as new techniques to increase customer protection against scams and the laundering of proceeds from scams.
We also actively participated in and contributed to many initiatives, both domestic and international.
To combat digital payment scams, we implemented new surveillance measures to detect malware and used AI to detect anomalies in customer account behaviour which could indicate a scam victim or a mule. We also introduced new self-managed security features like a Security Checkup Dashboard and DigiVault. DigiVault enables our customers to safekeep their money digitally, which was akin to a virtual safe deposit box. These measures added friction to the customer journey but were necessary to help our customers bank with us with peace of mind. We also regularly collaborated with law enforcement agencies in their operations. For example, a one-month joint operation with the Singapore Police Force in mid-2023 mitigated over SGD 21 million in potential scam losses.
Read more about “Preventing Financial Crime” in the Sustainability Report.
Climate change posed long-term change to risks on our portfolio, and banks had a crucial role to play in moderating how we lend to high-risk sectors. In 2023, we focused on enhancing environment, social and governance (ESG) risk capabilities including integrating ESG risk assessments into credit risk underwriting, establishing a centralised data repository to support climate risk with business intelligence, and enhancing scenario analysis models for transition risk assessment.
Alongside such developments, we also invested widely in our people, with over 1,800 relationship and credit managers completing comprehensive climate activation training programmes in 2023.
Read more about “Responsible Financing” in the Sustainability Report.
Building on our long-standing track record of leveraging digitalisation, this year’s initiatives spanned various risk types, including improvements in our risk management capabilities and workflows in collateral management, credit control and liquidity risk management.
We continued maturing the use of AI/ ML for credit underwriting and early warning for the consumer and SME banking businesses. These enhancements enabled scale and speed with efficiency to drive greater business success, improve customer experiences, and strengthen risk management.
Since 2019, our efforts in this area have yielded numerous benefits, such as generating deeper risk insights into our portfolios and improving fraud detection. By leveraging non-traditional data, we were also able to expand our addressable market in the consumer and SME space, with multi-fold increases in new loan applications and book size in ecosystem lending.
As we expanded the use of data and analytics in DBS, we remained focused on ensuring our data governance capabilities are fit for purpose. Our data governance framework was developed along three prisms: (a) a baseline prism (data security, data quality, and legal and regulatory compliance), (b) an ethical prism – PURE (Purposeful, Unsurprising, Respectful and Explainable) – for the responsible use of data, and (c) an AI governance prism (AI/ ML based systems and models), including the new and amplified risks associated with Gen AI.
While we have a larger footprint in India post full integration of Lakshmi Vilas Bank at the end of the last year, the portfolio, primarily consisting of lending to large corporates with a growing SME and consumer book, remained resilient and stable.
The integration of Citigroup Inc.’s consumer banking business in Taiwan was completed in August 2023. To effectively manage the risks associated with a larger franchise, we have deepened the expertise of our risk management team and strengthened processes.
Soh Kian Tiong
Chief Risk Officer
DBS Group Holdings
Strengthen technology resilience through governance, people/ leadership, systems and processes
Proactively monitor emerging economic challenges and geopolitical developments and implications for our portfolios
Continue to strengthen risk management capabilities and streamline end-to-end processes and controls across all markets
Enhance climate risk management and stress testing capabilities
Continue to mitigate financial crime and cyber threats through controls, systems, analytics and effective communication