
The Future of Banking & Some Security Related Matters (November 4, 2004) at Andhra Bank by

The Future of Banking & Some Security Related Matters (November 4, 2004) at Andhra Bank by Vepa Kamesam, Former Deputy Governor, RBI; Currently Chairman, IDRBT/BRBNML.


Presentation Transcript


  1. The Future of Banking & Some Security Related Matters (November 4, 2004) at Andhra Bank by Vepa Kamesam, Former Deputy Governor, RBI; Currently Chairman, IDRBT/BRBNML

  2. Technology and Banking • Tasks Common to Both (Technology, Banking): Information Storage, Processing, Transmission • The Quintessence: Nature of Banking harmonizes closely with Technology

  3. Banking and Technology Innovative Risk Management Complex Credit Calculations Global Operations Pervasive Branch Network Mass Transaction & Items Processing

  4. Many Benefits of Technology • Increased operational efficiency, profitability & productivity • Superior customer service • Multi-channel, real-time transaction processing • Better cross-selling ability • Improved management and accountability • Efficient NPA and risk management • Minimal transaction costs • Improved financial analysis capabilities

  5. Focus aspects of Commercial Banking now are: • BANK’S BUSINESS: LOANS & MISC. SERVICES, RAISING DEPOSITS • Core Banking (CBS) • MIS & Intranet • ATMs • POS Terminals and Cash dispenser • Electronic Banking • CORPORATE NETWORK • Card Management • Any Branch Banking • Document Management • CRM • Risk Management • Resource Management

  6. Financial Technology Infrastructure • Data Center to host servers for: • CBS • ATM/Financial Switch • Internet Banking • DW/DM/CRM/MIS etc. • Back-office Application • E-mail Servers, Internet Server • Enterprise-wide Network & Networking Equipment • Security Systems • Systems at Branches/RO/ZO/CO Depts. • Supporting Systems • Disaster Recovery Site & Business Continuity

  7. Technology – A Differentiator Technology is indeed a differentiator not only in terms of competitive advantage, but also in terms of administrative and back-end processes…. But…due to rapid technology deployment in Indian banking sector, the “haves” and “have-nots” gap is all set to narrow quickly.

  8. How Long a Differentiator? • Then…can technology be enough of a differentiator? • Any new technology or technology-enabled process can act as a differentiator or a competitive edge for some length of time. • After that time, the technology still has to be adopted as a “necessity” and as a cost of doing business • Thanks to shortening technology life cycles, it would be short-sighted to assume that technology would be a long-term differentiator…

  9. For Long-Term Differentiation Elements of Technology as a Differentiator Scalability & Flexibility Efficient utilisation, mgmt Process enabling Utility to customer Support Skills

  10. Issues with Customers Not only employees, there are problems for customers too when a new technology arrives… • The major challenges – • Comfort levels • Security and trust issues • Convenience factor • Getting rid of myths • Migration from existing to new systems • Changing the habits

  11. POS Terminal and Cash Dispenser POS Terminal Connected to Cash dispenser

  12. ATM Electronic Banking Branch Banking Branch 3 Branch 2 Branch 1 Head Office Branch 4 Branch n Branch 5 Branch 6

  13. Technology Acquisition • Inappropriate technology purchases can be the root of all problems… • The Bank management has to: • Give thought to the utilization rate • Avoid “knee-jerk” reactions (“they have done it…I should also do it”) • Be impartial in technology decisions (“I like that technology…I want it”) • Understand where the solution will fit AND where it won’t! • Assess the strengths & weakness of solution • And seek answer to “are we ready for it?”

  14. Technology For Sustained Differentiation • Goal definition • Integrating business & technology goals • Solution features • Vendor selection • Business process re-engineering • Change management • Efficient utilisation • Customer utility • Technology Management • Support functions • Maintenance • Back-ups and Disaster Recovery • Scalability & flexibility • Learning & evolution • Differentiation is not attained just through technology; it is gained in the way the technology is selected, implemented and utilised

  15. Regulation and Supervision – The Challenge • Challenge of Technology: • New markets, products, services, delivery channels • Opened up a market for “risks” – derivatives • Challenge of financing tech firms & IT innovation • all have implications for the stability of banks and of the economy • The Opportunity • Regulators have new tools • Focus of all recent financial sector reforms • Emergence of non-intrusive, focused supervision • …with a view to prevent frauds and disturbances to financial stability

  16. Technology and Banking Supervision THE RBI RESPONSE Offsite Supervision & Monitoring OSMOS COSMOS (Non banking Financial Companies / Development Financial Institutions) UBD Soft Credit Information Bureau (A joint venture between Housing Development Finance Corporation Ltd., State Bank of India, Trans Union International Inc. & Dun & Bradstreet Information Services India Pvt. Ltd.) IS Audit done by authorized agencies & compliances thereof.

  17. Currency Management and Technology – Opportunities Galore • Currency Management - a formidable task in India given… • the geographical size, the volume and value of notes and coins in circulation, preference for cash and currency handling practices • ...but technology offers immense opportunities to improve performance RBI’s The Clean Note Policy (1999) Establishment of 2 state of the art currency presses Technology driven anti counterfeit measures 48 fully automated Currency Verification & Processing Systems 21 Shredding and Briquetting Machines

  18. Technology & Monetary Systems The Opportunities – • The proliferation of IT has also set the stage for improving and managing risks in payment systems • Electronic Trading Systems • DVP/PVP • RTGS • Secured Netting Systems • The growth of the Central Counterparty (CCP) • Continuous Linked Settlement

  19. IT and Payment and Settlement Systems • Continuous Linked Settlement • Central Counterparty • Secured Netting Systems • Payment Versus Payment • Real Time Gross Settlement • Electronic Dealing Platforms • Delivery Versus Payments • Dematerialisation Of Securities

  20. NFS/IBPG NEFT CFMS RTGS PKI-based Security PDO-NDS & SSS SFMS INFINET Compliance with BIS Core Principles Clearing Corporation of India IDRBT RBI INITIATIVES IN PAYMENT & SETTLEMENT SYSTEMS

  21. RBI Initiatives in Payment and Settlement Systems (1) • The IDRBT • Network Externalities • The Indian Financial Network (INFINET) • Messaging Solutions • The Structured Financial Messaging System (SFMS) • Security • Public Key Infrastructure • IDRBT CA • National Financial Switch • Inter Bank Payment Gateway

  22. CCA IDRBT CA IDRBT CA Repository RA RA RA Subscriber Subscriber Subscriber Subscriber Subscriber Subscriber PKI Hierarchy

  23. NFS CONNECTIVITY with Existing Consortiums & Individual Banks (diagram) • National Financial Switch & E-Payment Gateway • Bank 1, Bank 2, Bank N • Links: INFINET, ISDN, Leased Line, Broad Band, VSAT (Primary Link, Backup Link) • BANCS & Cashtree, Location: Mumbai • MITR, Location: Chennai • CashNet, IP Address: 202.138.123.68, Subnet Mask: 255.255.255.254, Location: Mumbai

  24. RBI Initiatives in Payment and Settlement Systems (2) • A Real Time Gross Settlement System • Reduction of systemic risk in inter bank payment systems • To be implemented by the year end • The Centralised Funds Settlement System • Facilitating effective liquidity management • The Negotiated Dealing System • A modern electronic dealing platform for gilts • Enabling Straight Through Processing

  25. Real Time Gross Settlement CFMS IAS Settlement Accounts Intra Day Liquidity SSS IFTP Strip & Store Processes RBI Payments and Actg. Entry Interface INFINET NSS Participant’s Interface Participant’s Interface Participant’s Interface

  26. RTGS Scenario • 92 banks have implemented it • 3-4 more to implement in a fortnight • Customer transactions have already started • Total volumes – Transactions on average Rs.20,000 crores per day settled continuously from the time of opening of markets • Guarantee settlement fund

  27. RBI Initiatives in Payment and Settlement Systems (3) • The Securities Settlement System • Providing centralized depository and settlement services • Seamlessly integrated with the NDS and RTGS Systems • The Clearing Corporation of India • Secured netting services with central counterparty arrangements • G-Sec and Forex segments • Elimination of settlement risks with liquidity saving elements

  28. Smart Cards – The Future • Multi-application Smart Card • Channel of the future • Pilot project started • Pilot Project funded by MCIT, Govt. of India • The project is in progress in partnership with IDRBT, IIT Bombay, and Banks in India

  29. RBI and Customer Service…(1) • Dissemination of information • The RBI website • Multiple Delivery Channels • Coin & Note Dispensing Machines • For the general public • Interactive Voice Response System • For banks and financial institutions • Web server • For government customers • On the anvil…. • A secured web server • SFMS/email based communication with customers

  30. RBI and Customer Service...(2) • Improvements in payment and settlement systems • MICR Clearing • Enabling faster clearing of cheques • Cheque Truncation & E-Cheques • On the drawing board • ECS/EFT • Enabling T+2 settlement of our equities market • National EFT • Enabling T+0 settlement of all customer funds transfer transactions

  31. Issues in Implementation “Less than 10% of failures are due to technical snags – most are due to poor management and implementation” • Resistance to change • Overlooking process reengineering • Project management • Dedicated project teams • Change management • Policies • People Skills & Training • Basic Infrastructure – telecom, power • Security • Privacy & confidentiality • Legal and regulatory issues

  32. Planning for Disasters Business Process Re-engineering Human Resource Empowerment Pre-requisites for Technology

  33. The pre-requisites for Technology • Planning for disasters • Increased operational risk • Business Continuity Planning • Business Process Re-engineering • Human Resource Empowerment

  34. Disaster Management • An action plan to combat perceived threats…contains 3 different stages: • Prevention • Rescue and relief • Post-disaster rehabilitation • The “to-do’s” list • Disaster recovery policy & procedures • Identification of critical tasks & information • Regular drills • Training

  35. Disaster Recovery Planning Cycle Veritas

  36. Getting Personal with Personnel • People represent the most precious asset • Large employee base – largely untrained. Training scope & methodology? • VRS to balance costs. Break even? Down sizing? • Bring in young blood • Campus recruitment • Re-defining & designing jobs. Career paths? • Specialist Vs. Generalist • Attrition of trained employees to IT industry / other banks. Competitive incentives? • Re-location of personnel. Union issues? • Retrained personnel. Morale of employees?

  37. Need for Training • All these developments call for extensive, continuous training • Current and future technology implementations call for at least 20% of officers to specialise in IT • Hence need for specially skilled people – a mix of: • System administrators • Application managers (knowledgeable about both banking and technology) • Technology managers (who form the core team of technology professionals).

  38. Some Security Related Matters

  39. Security is about…cementing the weak link • Enemy will never strike at your strong points…it will target the chinks in your armour • Hence…what is needed is: • Systematic, periodic review of security arrangements • Locate the weak links & build them • It is not a “one-time” project, rather a continuous exercise

  40. Computer Crimes • Only 5% of cyber crimes in banks are reported in India, as opposed to 20% globally. Of these, over 60 per cent are instances of internal fraud (NASSCOM) • In August 2004 alone, the number of reported cyber crimes crossed 1,37,529 and the figure has been growing by 50 per cent year-on-year • Occur in 3 ways: • Physical Crimes • Data-Related Crimes • Software-Related Crimes • To combat the same, IT ACT 2000 is a step in the direction • In addition, strong security measures (physical & data) plus disaster recovery are essential

  41. Security Controls • Authentication of e-banking customers • Non-repudiation and accountability for e-banking transactions • Appropriate measures to ensure segregation of duties • Proper authorisation controls within e-banking systems, databases and applications • Data integrity of e-banking transactions, records and information • Establishment of clear audit trails for e-banking transactions • Confidentiality of key bank information

  42. Physical Security Aspects • Clearly defined responsibilities of Chief Security Officer: • Devise security policy & programme • Motivation & education of security force • Develop esprit de corps • Training not only for security personnel but for entire staff • At security personnel level – discipline and performance to be stressed • Exercise caution in recruiting private security agencies – do the groundwork well! What to look for: • Armed guards with licensed weapons • Effective infrastructure for training the guards • Credible Supervisory infrastructure and • Security clearance by the State Government authorities

  43. Physical Security Measures (1) Technology deployment has gone into building stronger physical security. Key developments: • Access Control Measures such as identity cards, entry permits, magnetic cards, computer vision or biometric control systems etc. • Fire/Smoke detection systems, particularly those covered by the National Building Code • Security Alarm Systems • X-Ray Scanner Machines • CCTV Systems • Public address systems • Hotline incl. Remote access wireless links • Detection of chemicals and explosives using probes • Carriage Inspection Mirrors • Hotlines/Autodialers and mobile phones • Time Lock Systems • Integrated Crisis Management (ICM) Arrangement • Magnetic Contacts/Sensors • Glass Break Sensors • Passive Infra-Red (PIR) Movement Sensors • Vibration Detectors • Door Frame or Hand Held Metal Detectors (DFMDs/HHMDs)

  44. Physical Security Measures (2) • Speed Breakers • Boom Barriers • Remotely operated collapsing barriers • Bollards • Spike busters – on wheels – zigzag • High mounted concealed cameras (photographing the number plates)

  45. Surveillance camera IR sensors Inspection mirror Smoke Alarm sensors Finger-print reader Specialty mirror for deterrence Iris Scanner X-ray scanner Metal Detector Access control - Graded access to various levels

  46. CCTV • Perhaps the most critical element in administering and monitoring security • Benefits: • Helps plan & conduct security • Eliminates grey zones in investigations • Helps study behaviours of staff & customers • Identifies potential threat/losses • Helps employees remain alert & confident • Minimum achievable objectives: • Early warning • Recorded evidence • Spot corrections • Strong Deterrent

  47. Physical & Data Security – What Else? • Application of Biometrics (e.g., instead of just fingerprint, an Indian company uses the palmprint for identification) • Use of infra-red sensors, beams & detectors • Specialised x-ray imaging – can we detect if the currency in a sealed box is counterfeit? • Issue with telephone connectivity – can be just snapped…can remote wireless systems be used instead? • What to do with Data Security…if the data vanishes simply? Need to capture data on real-time basis at designated remote disaster recovery sites • Not all bank branches are computerised – then there will be issues of data security and integrity & how to capture the data from the non-computerised branches at regional hubs etc.

  48. How to Ensure Security?? – A Framework • Assess • Respond • Protect • Detect
