Singapore ‘mantrapping’ away Hong Kong financial competitiveness
High security standards for data centres in Singapore are pulling bank headquarters away from Hong Kong
Good luck breaking into a Singaporean data centre.
The city-state’s financial regulator has set up a test for centres looking to host sensitive data from banks, called a threat vulnerability and risk assessment (TVRA).
In order to pass, the centres must weather severe natural disasters and even attacks from rocket-propelled grenades.
Intruders to one of these heavily guarded units should beware of the “mantraps”. This type of security door will lock down upon detecting a breach, trapping within bewildered, defenceless data burglers.
The test also has an equally stringent cyber security assessment in place to ensure the centres can keep most hackers out.
The grenade defence and the mantraps might seem like overkill but they are pulling banks toward Singapore instead of Hong Kong as concerns over data security rise.
“It could just be a marketing element from the regulator. But if it is, it’s a good one,” Krupal Raval, senior vice president for finance at Digital Realty, told the South China Morning Post in an interview. “From a banking perspective, we see more activity in Singapore. That’s because [regulators] are more proactive in reaching out.”
By “reaching out”, Raval means that the Monetary Authority of Singapore is signalling to banks and other financial institutions they can safely outsource sensitive data operations. The TVRA is the monetary authority’s stamp of approval on the centres at a time when a data breach on banks can spell out massive fines and a loss of reputation.
Digital Realty is one of the world’s biggest data centre companies, with major hubs in both Hong Kong and Singapore.
The 177,000 square-foot facility in Singapore has passed the TVRA test, something that the company said has attracted the interest of financial institutions looking to outsource sensitive financial data from clients.
Not so for Hong Kong, however. Digital Realty operates an even larger centre in the Tseung Kwan O industrial estate. It has a tier-III rating from the Uptime Institute, which is mainly concerned with how much time the plant must be shut down in order to be maintained.
While Raval says that site is just as secure as the one in Singapore, banks are less likely to outsource in Hong Kong without a financial regulator’s thumbs-up on the centres. Financial institutions in Singapore can outsource data operations only to centres that have the TVRA. Hong Kong regulators do not have an equivalent assessment. Spokespeople at the Hong Kong Monetary Authority and Financial Services and the Treasury Bureau said they could not answer questions on the topic.
“It would be an opportunity for Hong Kong going forward,” Raval said of instituting a similar test. And a missed opportunity for the time being as companies holding sensitive client data search for safer but cheaper ways to do their businesses.
Banks have traditionally built expensive in-house data centres to reduce the risk of breaches. Offering regulator-approved choices for outsourcing the work presents an attractive option for financial firms moving to Asia.
The stringent regulations for data centres were just part of Singapore’s digital competitiveness. The 15 submarine fibre optics cables connected to the city have boosted connectivity and lowered costs, says Clement Goh, South Asia managing director at Equinix.
“As such, a multitude of companies are not just flocking to Singapore but choosing to headquarter their businesses here,” he says. Equinix is another one of the world’s biggest data centre companies with centres in both Hong Kong and Singapore. “This definitely gives us a competitive edge over our other counterparts in the region without such regulatory measures in place.”