Translate this page:
Please select your language to translate the article


You can just close the window to don't translate
Library
Your profile

Back to contents

Security Issues
Reference:

Determining Security Factors for Digital Infrastructure in the Financial and Banking Sector: Singapore's Approach

Gorian Ella

ORCID: 0000-0002-5962-3929

PhD in Law

Associate Professor, Vladivostok State University

690014, Russia, Primorsky Krai, Vladivostok, Gogol str., 41, office 5502

ella-gorjan@yandex.ru
Other publications by this author
 

 

DOI:

10.25136/2409-7543.2022.4.39060

EDN:

KFAHYQ

Received:

29-10-2022


Published:

30-12-2022


Abstract: The object of the study is the relations in the field of ensuring the security of digital infrastructures in the financial and banking sector. The subject of the study is represented by regulatory legal acts and sources of "soft law" of Singapore, which establish requirements for information systems, personal and confidential data. The features of the Singapore approach to the regulation of relations in this area are determined. The requirements of the Monetary Authority of Singapore for the security of digital infrastructures in both the public and private sectors are considered. The features of ensuring the security of key components of digital infrastructures are characterized: digital identity; authorization and consent; functional compatibility of payment systems and data exchange. The role of the financial regulator in ensuring the security of digital infrastructures is investigated. Singapore has identified a holistic approach to the development of regulatory policy as the main security factors of the digital infrastructure of the financial and banking sector, as well as the determining role of the financial regulator in the creation of digital infrastructure. The technical side is just one of the elements of the digital infrastructure: it is necessary to balance regulatory, technical and business standards. The key components of the digital infrastructure allocated by the Monetary Authority of Singapore determine the level of security of the production processes of financial institutions. Attention should be focused on building the trust of the end user. The protection of the digital infrastructure of financial institutions from threats increases the degree of confidence in these institutions on the part of investors. Therefore, Singapore's financial institutions have a high investment attractiveness.


Keywords:

financial banking sector, information security, personal data, digital infrastructure, financial regulator, fintech, authorisation, digital identity, data exchange, payments interoperability

This article is automatically translated.

Relevance. Financial institutions of the developed economies of the world are becoming targets of serious cyber attacks. Singapore is no exception: being the most developed state in terms of information technology in the world, it is also a key international financial and trade center. This makes it an ideal target for cyberattacks, the consequences of which are much more serious than the usual violation of Singapore's social and economic well–being – the entire international supply chain and banking sector, and in the long run, the international economy, are under attack. Therefore, the legislator of this city-state promptly responds to emerging challenges and improves the regulatory framework. For example, in 1993, Singapore was the first Southeast Asian country to adopt the Computer Misuse and Cybersecurity Act. The second decade of the XXI century was marked by the rapid growth of the digital economy, to which Singapore responded with the Personal Data Protection Act 2012, the National Cybercrime Action Plan 2016, the National Cybersecurity Strategy 2016 and the Cybersecurity Act 2018 [1, p. 105]. In its Cybersecurity Strategy, Singapore has identified four main areas of close cooperation between the private and public sectors to ensure cybersecurity: (i) building a sustainable infrastructure; (ii) creating a secure cyberspace with the involvement of civil society; (iii) developing a dynamic cybersecurity ecosystem by increasing the number of specialists as a result of cooperation with educational institutions; (iv) strengthening international cooperation, especially within the framework of ASEAN (Singapore's Cybersecurity Strategy 2016, URL: https://www.csa.gov.sg/news/publications/singapore-cybersecurity-strategy ).

Singapore was one of the first to realize that the next stage of the digital revolution is the transition from fragmented digital solutions to digital infrastructures. They will stimulate wider adoption of digital technologies in the economy and society [2, p. 2]. Digital infrastructures ensure compatibility of solutions and uninterrupted services, which allows reaching more people and businesses at lower costs and greater convenience. Public fundamental digital infrastructures are crucial for inclusive economic and social development. Just as physical infrastructure stimulated the emergence of an industrial economy, fundamental public digital infrastructures accelerate the growth of the digital economy.Statement of the research problem.

The financial and banking sector was one of the first economic sectors to move into the digital environment. The digital infrastructure of financial institutions ensures the continuity of trade and economic processes, therefore its security is the key to the stability of credit, financial and commodity-money relations. The security of the financial and banking sector has an informational nature, since in its essence it is a collection of data reflecting the movement of capital and the operation of instruments. And the data exists in digital format, they are processed in information systems that are vulnerable to physical (technical) and human influence. It is possible to counteract information threats on condition of their certainty, that is, the popularity of those indicators (factors) that determine the very essence of the existence of an object. In this regard, the need to determine such factors is an urgent issue facing the regulator. The security of the digital infrastructure of financial institutions from threats affects the degree of trust in these institutions from both counterparties and investors who trust them with their capital. The high volatility of digital assets attracts a large number of non-professional investors who want to increase their capital. Therefore, in the face of continued investment inflows, financial institutions are forced to increase the costs of ensuring the security of digital infrastructures.The purpose of the study is to characterize Singapore's approach to determining the security factors of digital infrastructure in the financial and banking sector.

Methodology.

To obtain the most reliable scientific results, a number of general scientific (system-structural and formal-logical methods) and special legal methods of cognition (comparative legal and formal-legal methods) were used.The subject of the study, the source base of the study, contradictions in existing studies and the author's position.

The subject of the study is the main regulatory legal acts in the field of ensuring the security of Singapore's digital infrastructure. The topic we have chosen for the study has not yet been sufficiently studied in the Russian scientific literature and is a logical continuation of our research within the framework of the RFBR grant "Ensuring the rights of investors in the banking and financial sectors in the conditions of digitalization of the economy in the Russian Federation and the leading financial centers of East Asia: a comparative legal aspect". However, it should be noted the work of O.M. Makhalina and V.N. Makhalin, in which they prove the need to consider the costs of information security as "strategic investments that ensure the continuity of their business processes and that create advantages in an era of rapidly developing cyber threats" [3, p. 136].The main part.

The Monetary Authority of Singapore has identified four key components of the basic digital infrastructure in 2021: 1) digital identity, 2) authorization and consent, 3) functional compatibility of payment systems (payments interoperability) and 4) data exchange [2, p. 2-3]. The level of security of these main components affects the ability to carry out digital operations, together they provide the foundation of the digital economy. In science, it is customary to distinguish several security factors of information systems [4, p. 30]: cognitive, social, information-technical and organizational-administrative. Consequently, digital infrastructures, being complex information objects, can be influenced by processes and phenomena that negatively affect their functionality. At its core, digital infrastructure is a complex of technologies and digital products built on their basis, providing computing, telecommunications and network capacities, and working on a digital basis (Digital transformation. Terms and definitions: STB 2583-2020. – Introduction. 2021-03-01. – Minsk: Gosstandart, 2020. – 16 p.). Therefore, the key components of the digital infrastructure allocated by the Monetary Authority of Singapore determine the level of security of the production processes of financial institutions. Let's look at them in more detail.

A key element of the digital infrastructure is a reliable digital identity that allows individuals, businesses and government agencies to represent themselves and act on behalf of others in the digital space. The digital identity of a person is understood as "a set of unique personal data of a person presented in digital form, allowing to identify this person from other subjects of digital interaction" [5, p. 9].

Digital identity allows you to automate access to services provided by computers, and allow computers themselves to mediate relationships. It acts as a common, reliable and reusable method of data transmission. Digital identity allows users to use one means of authentication through several digital services (including websites, applications, devices). This data collectively defines an individual and can be used to identify an individual, an enterprise, or a government agency. The purpose of digital identity is broader than the general identification of the end user: it can confirm his ability to access services or perform a specific task.

Digital identity is associated with mechanisms that ensure the proper use of personal data (Personal Data Protection Act 2012, URL: https://sso.agc.gov.sg/Act/PDPA2012 ). They are necessary to ensure proper security, fraud prevention and other control measures, as well as for other purposes implied by the nature of data use. Such use of personal data is legal and all types of use must be properly reported/brought to the attention of users. As a result, users should understand how their data is used and for what purposes, and the amount of data should be sufficient to achieve a specific goal. Information system operators should use notifications and consent forms so that users of digital infrastructures understand how their personal data is used.

By eliminating the need to use multiple passwords and identity verification procedures, digital identity allows customers to use a single means of identifying themselves in several digital services, including websites, applications, devices, etc. This allows the user to identify himself as the final recipient of the service or product. Digital identity belongs to, is managed and controlled by an individual, which means that he has the right to access his personal data, change and delete them, and also has the right to protection in case of violation of his rights. Due to the complexity of monetary, financial, trade and economic relations involving several entities in the legal plane at the same time, there is an objective need to create a so-called "ecosystem", a complex digital infrastructure that provides secure data exchange between end users, information intermediaries, service providers and data verification service providers, as well as personal data operators together with technical devices for storing such data [2, p. 10].

Authorization is defined as the process of granting a user or a group of users certain permissions, access rights and privileges in a computer system [6, p. 402].

In order for information systems to work effectively, most countries and regions have put into effect a set of legal norms and other requirements that guarantee users' understanding of the processes of using information in each digital context. The purpose of these requirements is to ensure transparency of information for individuals, as well as greater accountability of all operators (both public and private persons) who may use personal and confidential data to carry out transactions or provide services (Cybersecurity Act 2018, URL: https://www.csa.gov.sg/legislation/cybersecurity-act ).

One of the most common methods of ensuring transparency and obtaining consent from an individual is to send a notification to an individual, and then request consent for the use specified in the notification. There are various notification and consent models that have been deployed by a number of systems. The most common is the explicit notification and consent mechanism, which allows end users to choose how their data is used when they digitally interact and carry out transactions with their chosen service providers (Technology Risk Management Guidelines for Financial Institutions 2021, URL: https://www.mas.gov.sg/regulation/guidelines/technology-risk-management-guidelines ). This gives users the ability to control their data, consent to data exchange or initiate payments. This method is a high-trust model that allows users to exercise some control over their actions and transactions in the digital economy.

All authorization and consent mechanisms require clear and transparent disclosure of information about how and what information will be collected, used and transmitted. In order for the digital environment to function and inspire trust among users, transparency (transparency) is the key to ensuring that the parties understand their responsibilities to each other. Depending on the confidential nature of identification and personal data, as well as how this information will be used and how widely it will be distributed or published, it is important that all parties understand the need to ensure the security of information and the principle of data minimization (collection, use and storage of only those data that are necessary for the creation and provision of this services). All parties must disclose, either initially or upon request, all uses of the data. To further achieve trust and control of users, it is necessary to introduce technologies to increase confidentiality and security, if possible, in order to minimize the exchange of personal and confidential data in open form, in order to provide the protection necessary for all parties [2, p. 11].

Consent services are usually presented in the form of an information panel or data warehouse that provides users with information about what data will be used, for what purposes and with which service providers. After authorization, the user works with the consent service, choosing a number of services for which he allows the use of his data, and gives permission or consent to the use of his data for a number of transactions or services. This type of permit can be issued for an unlimited period of time or have a specific validity date. It still allows the user to set the level and type of information exchange and usage types. The user can log back into the data warehouse or toolbar at any time to change their settings or permissions and/or select new services with which to share their data. The advantage of this method is that it eliminates the friction associated with repeatedly interrupting data flows to obtain consent from a person. It also has the disadvantage that users do not necessarily regularly review their personal accounts to make sure that they remember or fully understand the consequences of their consent and the associated data exchange.

To ensure smooth payments between both digital and digital and physical environments, the interoperability of payment systems (interoperability of payment systems) is necessary. Interoperability is a complex and multifaceted concept that includes management components, technical aspects and branding. Governance includes a set of rules and contracts that allow parties to participate in the clearing and settlement process (commonly known as a "scheme"). Management can be established by a local act of a financial institution or by law (Payment Services Act 2019, https://www.mas.gov.sg/regulation/acts/payment-services-act ). Technical components are the infrastructure through which payment (or related) messages are exchanged, as well as formats, networks, security protocols and mechanisms that ensure risk-free and timely execution of clearing and settlement functions.

The functional compatibility of payment systems depends on the following factors: 1) access subjects - access to the payment scheme is often not limited to banks. Companies and third-party solution providers (payment gateway providers, gateway providers) may also have access in accordance with the rules and structure of the scheme; 2) the non-discriminatory and simple nature of access means simple and reasonable parameters for joining the payment scheme. They include adaptation and ongoing participation. Small banks or new entrants to the industry should not face unreasonably high or inadequate entry barriers; 3) innovativeness - the design of the scheme and its infrastructure should encourage innovation. Ease of access and common message standards are key. In a practical way, it is necessary to identify and implement new options for using payment systems (regardless of the underlying payment schemes; 4) user protection - measures should be provided to protect users' rights, in particular, data protection and fraud detection; 5) time of operations – payment processing can be carried out according to a schedule, i.e. batch processing (batch, scheduled processing) or in real time. Recently, there has been a shift in favor of the latter all over the world. However, batch processing still has significant advantages where real-time mode is not required, such as monthly salary payments; 6) risk management is a key issue for payment schemes. Mechanisms are required to eliminate settlement risk, manage reputational risk and enable banks to manage credit risk; 7) the possibility of replacement is an important factor in reducing risk and providing a choice for the user. The possibility of replacing one payment scheme with another (for example, making payments in real time and batch payments) helps to reduce the risk of technical failure of the bank or payment scheme. The replacement also allows buyers and sellers to choose the most appropriate payment option; 8) Communication standards based on ISO 20022 are common open standards. They help banks and other institutions optimize their systems and enable vendors to develop services and products. It is allowed to replace common message standards; 9) security - security standards directly support the integrity and contractual nature of the payment scheme. Standards should be strong enough to withstand the latest threats, and should ensure authentication, confidentiality, data integrity and non-repudiation of work. Non-repudiation is the key to maintaining the contractual nature of the payment scheme and the system of responsibility for it [2, p. 12].

These factors determine the need to develop services based on local clearing and settlement infrastructure. As an example, we can give a proxy (proxy) - an alternative to bank account numbers and a service such as Request-to-Pay (RtP). Proxy literally translates as "intermediary". This is a minimal set of data (QR code, phone number or email address, for example), to which the bank details of the beneficiaries are linked. Payments are made by simply specifying the beneficiary's proxy, keeping his personal or confidential data secret from the payer. A proxy is an alternative well–known and convenient identifier that ensures the security of bank account data. It also works independently of the current account and its associated bank (in other words, the account holder can move his account to another bank, and payments will follow as long as the information about the single proxy/account is updated).

Request-to-Pay literally translates as "request for payment" and means that the recipient of the payment initiates a request for a specific operation from the payer. The system provides a digital request that the payer can receive on his mobile device. It can appear in a mobile banking application or through a third-party application. After that, the payer can accept or reject the payment request. Depending on the region, the request may also include detailed information about the transaction, the date of payment or other details of the invoice. If the payer approves the payments, a real-time transfer is initiated to the payee. This service provides a fast way to carry out transactions between two parties without the need to remember or search for complete account information.

Data exchange allows end users to make their data available and accessible to their service providers for a set period of time and for a specific purpose. Data can be exchanged to enable financial planning through apps and financial advisors, making it easier to collect information for filing taxes or applying for loans based on verified information. Data exchange can also support payments by authenticating the accounts of their owners and providing digital identification by providing information to authenticate a person. The data to be exchanged may include credit details, transaction data, demographic data, and assets. Like other elements supporting digital infrastructure, technical and management components will be required for data exchange.

In order for data exchanges to be carried out properly in the context of a specific digital infrastructure, it is necessary to take into account the purposes for which data exchange will be used and the following design criteria. Firstly, these are security requirements that ensure that data exchange is secure, but at the same time flexible enough to implement the latest technologies. Secondly, these are confidentiality requirements that ensure transparency and clarity of the processes in which data is used for users, as well as consent to the transfer and use of their data and the ability to revoke this consent. Thirdly, these are technical standards that ensure the compatibility of data transmission mechanisms. Application programming interfaces (API) must provide data of the required quality in the same format for certain use cases. Fourth, these are standards for the authentication of individuals or legal entities in their accounts and data to limit fraudulent access and restrict the exchange or storage of bank credentials. Fifth, there are incentives for data providers (for example, financial institutions) to ensure timely access to data, since the lack of incentives can create obstacles to data exchange. And finally, it is parity of access to data for individuals and small businesses to obtain full economic benefits for all participants of the ecosystem, as well as equal modes of activity for all participants of the ecosystem. This will allow for competition between data providers (for example, financial institutions), data aggregators (i.e. technical intermediaries and service providers) and data users (such as a provider of payment functions) [2, p. 13].

The security of data exchange depends on several factors. This is, first of all, the functional security of the API and similar data transfer mechanisms to ensure the ongoing data exchange between data providers, any intermediaries and the end user of the data. Authentication of users in their accounts should be carried out in a safe and reliable way, which reduces the risks of fraud. Data governance and data management capabilities should be provided to convert the provided data into the necessary information for specific use cases, for example, for performing analysis in order to prevent fraud. Data management includes processes from data creation to data deletion. Data management consists in creating rules and solutions for operational processes that run within these processes (therefore, data management is not a separate process). And finally, an important factor is the development, adjustment and updating and adjustment of management and technical standards by authorized state bodies and self-regulatory organizations.

Unlike Internet infrastructure, the creation of digital infrastructure requires not only compliance with technical standards. For example, when performing digital transactions, internal and external exchanges of financial information are based on trust networks that are regulated by legal, business and technical agreements and standards. As data becomes increasingly valuable in the digital economy, there is a strong case for applying "digital payment management" mechanisms to ensure trust in digital infrastructures. This ultimately leads to the creation of a digital infrastructure that allows end users to control both their money and data in a reliable way, placing a person at the center of the digital ecosystem.

The Monetary Authority of Singapore has taken the initiative to unite the efforts of all regulators to develop a common strategic understanding, identify appropriate regulatory instruments and interaction of relevant stakeholders. The financial regulator criticized the tendency of the state apparatus to over-regulate the introduction of innovations. In his opinion, the best motivation for innovation has historically been the commercial factor. [2, p. 3]. Technological innovations are regularly introduced by companies looking for market niches, which are the unmet needs of end users (consumers, companies or governments). Innovations should bring the desired and necessary results. The government should assume the role of creating a favorable climate for investment in innovation. Singapore has long been a global leader, having established the right balance between encouraging investment in new technologies in the financial and banking sector and protecting its population from unscrupulous actors. This is the result of active interaction between the state apparatus and the management of financial institutions.

Conclusions. As a result of the conducted research, we came to the following conclusions. The Monetary Authority of Singapore puts forward the same requirements for the security of digital infrastructures in both the public and private sectors. In any digital infrastructure, the security of four key components must be ensured: 1) digital identity, 2) authorization and consent, 3) functional compatibility of payment systems (payments interoperability) and 4) data exchange. Digital identity defines confidence from two sides of digital interaction. Each participant must be sure that the party at the other end is the subject he pretends to be. Therefore, mechanisms should be developed to ensure authentication and confirmation of the user's identity while ensuring the confidentiality and security of information. Digital interaction should be transparent, safe and effective. The data should be used in accordance with the purposes for which they are provided, and in a way that is expected and understood by users. The digital infrastructure should have built-in tools and mechanisms explaining to users how their information is collected, used and exchanged, as well as enabling them to own, manage and control their personal and confidential data. Ensuring the functional compatibility of payment systems includes managerial and technical factors, the consideration of which affects the security of transactions. Approaches to data exchange should be similar: data providers (financial institutions) should ensure the use of data in the interests of a particular person. Data exchange allows you to make payments, carry out financial planning, create a digital identity, create credit files and perform other actions due to the nature of the digital infrastructure.

The main security factors of the digital infrastructure of the financial and banking sector are the following. This is a holistic approach to the development of regulatory policy, as well as the defining role of the financial regulator in the creation of digital infrastructure. In addition, it is important to remember that the technical side is only one of the elements of the digital infrastructure: it is necessary to balance regulatory, technical and business standards. Attention should be focused on building the trust of the end user. The protection of the digital infrastructure of financial institutions from threats increases the degree of confidence in these institutions on the part of investors. Therefore, Singapore's financial institutions have a high investment attractiveness.

The research was carried out with the financial support of the RFBR as part of the scientific project 20-011-00454  "Ensuring the rights of investors in the banking and financial sectors in the context of the digitalization of the economy in the Russian Federation and the leading financial centers of East Asia: a comparative legal aspect"

References
1. Gorian, E.V. (2018). Singapore’s leadership on cybersecurity in ASEAN: intermediate results and future prospects. The Territory of New Opportunities. The Herald of Vladivostok State University of Economics and Service, 3(10), 103–117.
2. Foundational digital infrastructures for inclusive digital economies. – Singapore: Monetary Authority of Singapore, 2021. – 58 p.
3. Mahalina, O.M., Mahalin, V.N. (2020). Digitalization of business increases costs of information security. Management, 1(8), 134-140.
4. Kozachok, V.I., Vlasova, S.A. (2014). Factors that determine the information security of a corporation. Central Russian Bulletin of Social Sciences, 5(35), 30-34.
5. Dudko, M.O. (2019). Digital identity of a person: theoretical and legal aspect. Bulletin of Yanka Kupala Grodno State University, 3(9), 6-12.
6. Filyak, P.Yu., Zaharenkov, I.A., Perevezencev, I.S. (2021). Ensuring the information security of an information system using artificial intelligence - approaches, technology (part 1). Information and security, 3(24), 401-412.

Peer Review

Peer reviewers' evaluations remain confidential and are not disclosed to the public. Only external reviews, authorized for publication by the article's author(s), are made public. Typically, these final reviews are conducted after the manuscript's revision. Adhering to our double-blind review policy, the reviewer's identity is kept confidential.
The list of publisher reviewers can be found here.

A REVIEW of an article on the topic "Determining the security factors of digital infrastructure in the financial and banking sector: Singapore's approach". The subject of the study. The article proposed for review is devoted to the issues of determining "... the security factors of digital infrastructure in the financial and banking sector: Singapore's approach". The author has chosen a special subject of research: the proposed issues should have been investigated from the point of view of Singapore's information law, but there are only references to Singapore's NPA and the translation of certain sections of the National Cybersecurity Strategy (National Cybersecurity Strategy 2016), while the author noted that "Financial institutions of developed economies of the world are becoming targets of serious cyber attacks." Legislation relevant to the purpose of the study is being studied. A certain amount of scientific literature on the stated issues is also studied and summarized, analysis and discussion with the opposing authors are partially present. At the same time, the author notes that "It is possible to counteract information threats provided that they are certain, that is, the well-known indicators (factors) that determine the very essence of the existence of an object. In this regard, the need to identify such factors is an urgent issue facing the regulator." Research methodology. The purpose of the study is determined by the title and content of the work: "The security of the financial and banking sector has an informational nature, since in essence it is a collection of data reflecting the movement of capital and the operation of tools", "... to characterize Singapore's approach to determining the security factors of digital infrastructure in the financial and banking sector." They can be designated as the consideration and resolution of certain problematic aspects related to the above-mentioned issues and the use of certain experience. Based on the set goals and objectives, the author has chosen a certain methodological basis for the study. The author uses a set of general scientific, special legal methods of cognition. In particular, the methods of analysis and synthesis made it possible to generalize some limited approaches to the proposed topic and partially influenced the author's conclusions. The most important role was played by special legal methods. In particular, the author used a formal legal method, which allowed for the analysis and interpretation of the norms of the current legislation of Singapore. At the same time, in the context of the purpose of the study, the formal legal method could be applied in conjunction with the comparative legal method, especially since the author states: "To obtain the most reliable scientific results, a number of general scientific (systemic-structural and formal-logical methods) and special legal methods of cognition (comparative legal and formal legal methods)". In particular, the following conclusions are drawn: "The main security factors of the digital infrastructure of the financial and banking sector are the following. ... a holistic approach to the development of regulatory policy, as well as the defining role of the financial regulator in the creation of digital infrastructure. ... the technical side ...: it is necessary to balance regulatory, technical and business standards," etc. Thus, the methodology chosen by the author is adequate to the purpose of the article and allows us to cite certain aspects of the topic. The relevance of the stated issues is beyond doubt. This topic is one of the most important in the world and Russia, from a legal point of view, the work proposed by the author can be considered relevant, namely, he notes that "Singapore ... is also a key international financial and trade center. This makes it an ideal target for cyber attacks, the consequences of which are much more serious than the usual disruption of Singapore's social and economic well–being – the entire international supply chain and banking sector, and in the long run, the international economy, are under attack." And in fact, an analysis of the work of opponents and NPAs should follow here, and it follows mainly in relation to the National Cybersecurity Strategy (National Cybersecurity Strategy 2016) and the author shows the ability to master the material, in some cases giving a translation from it. Thus, scientific research in the proposed field is only to be welcomed. Scientific novelty. The scientific novelty of the proposed article is questionable. It is not expressed in the specific scientific conclusions of the author. Among them, for example, is this: "The protection of the digital infrastructure of financial institutions from threats increases the degree of trust in these institutions from investors." As can be seen, these and other "theoretical" conclusions cannot be used in further scientific research. Thus, the materials of the article as presented may be of limited interest to the scientific community. Style, structure, content. The topic of the article corresponds to the specialization of the journal "Security Issues", as it is devoted to the issues of determining "... the security factors of digital infrastructure in the financial and banking sector: the Singapore approach". The article contains a very brief analysis of the opponents' scientific works (there are only 4 of them), so the author notes that a question has already been raised that is relatively close to this topic: "The topic we have chosen for research has not yet been sufficiently studied in the Russian scientific literature and is a logical continuation of our research within the framework of the grant ...", but the author practically does not use the materials of opponents and does not cite the results of previous studies, discusses with individual opponents. The content of the article corresponds to the title, as the author considered the stated problems and achieved some of the goals of his research. The quality of the presentation of the study and its results should be recognized as incomplete. The subject, tasks, methodology follow directly from the text of the article, but there are no results of legal research, scientific novelty. The design of the work meets certain formal requirements for this kind of work. It seems that the work is a manual that describes the security issues of the "digital infrastructure in the financial and banking sector" and provides links to the NPA of Singapore. Significant violations of these requirements: lack of scientific novelty; a small amount of literature on this topic, respectively, there are practically no opponents, etc. Bibliography. The quality of the scientific literature used should be evaluated poorly. The presence of modern scientific literature could show the validity of the author's conclusions. The works of the above authors correspond to the research topic, but do not have a sign of sufficiency, contribute to the disclosure of some general aspects of the topic. Appeal to opponents. The author has analyzed the current state of the problem under study. The author describes some of the opponents' points of view on the problem, argues for the correct position in his opinion, based on the work of opponents, and offers solutions to individual problems. Conclusions, the interest of the readership. The conclusions are logical, not always specific. The article in this form may be of interest to the readership in terms of the presence in it of the author's systematic positions in relation to the issues stated in the article only after revision. Based on the above, summing up all the positive and negative sides of the article, I recommend "sending it for revision".