SGFinDex is a public digital infrastructure which uses national digital identities and a centrally managed online consent system. The Monetary Authority of Singapore has responded to press comments about potential vulnerabilities to holding information in "one place".

Singapore’s main regulator has countered a newspaper article that voiced worries about how the newly-launched Singapore Financial Data Exchange – aka SGFinDex – could sweep bank accounts and other data into a single site, creating a juicy target for thieves or other wrongdoers.

The Straits Times (18 December) carried an article entitled “Risk of Having All Financial Data in One Place”, commenting that “It has been stated that (SGFinDex) is a secure and safe platform that will enable a person to consolidate all the information from his bank accounts and make financial planning easier. Should SGFinDex ever be compromised, would the financial data of the person be exposed or, worse still, be at risk of being stolen or misused?”

The Monetary Authority of Singapore, responding to the article (written by Goh Khee Kuan), said: “SGFinDex will not consolidate individuals’ financial information in one place. Rather, it enables individuals to use financial planning applications to access their financial information held across different government agencies and financial institutions. SGFinDex only transmits the data, it does not keep a copy of it. It does not introduce a single point of compromise of the individual's financial data.”

The exchange was launched earlier in December. 

SGFinDex is a public digital infrastructure which uses national digital identities and a centrally managed online consent system. The system is built on Singapore's national digital identity SingPass and has been developed by the public sector in collaboration with The Association of Banks in Singapore and seven participating banks.

By using SingPass, Singaporeans can access their personal financial information such as deposits, loans from those participating banks, as well as financial information such as central provident fund balances from relevant government agencies.

MAS said worries over the system were unfounded.

“In addition, stringent security measures have been put in place to safeguard the data as it transits through SGFinDex. Financial data can be retrieved only with the explicit consent of the individual, whose identity must be verified through SingPass and the relevant banks’ authentication measures. The data is also encrypted when retrieved through SGFinDex and only the financial planning application authorised by the individual can decrypt the data received,” MAS added. 

The issue highlights how attempts to consolidate clients’ data on one platform, while obviously convenient, creates new risks without adequate safeguards. The advent of what is called “open banking” in some countries is a development requiring cybersecurity care. (Open banking is a banking practice that provides third-party financial service providers open access to consumer banking, transaction, and other financial data from banks and non-bank financial institutions through the use of application programming interfaces.)