The Future of Banking

1
The Future of Banking Some Security Related
Matters (November 4, 2004) at Andhra Bankby

• Vepa Kamesam
• Former Deputy Governor, RBI
• Currently Chairman, IDRBT/BRBNML

2
Technology and Banking
The Quintessence Nature of Banking
harmonizes closely with Technology
3
Innovative Risk Management
Complex Credit Calculations
Global Operations
Pervasive Branch Network
Mass Transaction Items Processing
4
Many Benefits of Technology

• Increased operational efficiency, profitability
  productivity
• Superior customer service
• Multi-channel, real-time transaction processing
• Better cross-selling ability
• Improved management and accountability
• Efficient NPA and risk management
• Minimal transaction costs
• Improved financial analyses capabilities

5
Focus aspects of Commercial Banking now are
BANKS BUSINESS
LOANS MISC. SERVICES
RAISING DEPOSITS
Core Banking (CBS)
MIS Intranet
ATMs
POS Terminals and Cash dispenser
Electronic Banking
CORPORATE NETWORK
Card Management
Any Branch Banking
Document Management
Risk Management
Resource Management
CRM
BANKS BUSINESS
6
Financial Technology Infrastructure

• Data Center to host servers for
• CBS
• ATM/Financial Switch
• Internet Banking
• DW/DM/CRM/MIS etc.
• Back-office Application
• E-mail Servers, Internet Server,
• Enterprise-wide Network Networking Equipment
• Security Systems
• Systems at Branches/RO/ZO/CO Depts.
• Supporting Systems
• Disaster Recovery Site Business Continuity

7
Technology A Differentiator

• Technology is indeed a differentiator not only in
  terms of competitive advantage, but also in terms
  of administrative and back-end processes.
• Butdue to rapid technology deployment in Indian
  banking sector, the haves and have-nots gap
  is all set to narrow quickly.

8
How Long a Differentiator?

• Then.can technology be enough of a
  differentiator?
• Any new technology or technology-enabled process
  can act as a differentiator or a competitive edge
  for some level of time.
• After that time, the technology still has to be
  adopted as a necessity and as a cost of doing
  business
• Thanks to shortening technology life cycles, it
  would be short sighted to assume that technology
  would be a long term differentiator

9
For Long-Term Differentiation
Elements of Technology as a Differentiator
Scalability Flexibility
Efficient utilisation, mgmt
Process enabling
Utility to customer
Support Skills
10
Issues with Customers

• Not only employees, there are problems for
  customers too when a new technology arrives
• The major challenges
• Comfort levels
• Security and trust issues
• Convenience factor
• Getting rid of myths
• Migration from existing to new systems
• Changing the habits

11
(No Transcript)
12
ATM
Electronic Banking
Branch Banking
Branch 3
Branch 2
Branch 1
Head Office
Branch 4
Branch 5
Branch n
Branch 6
13
Technology Acquisition

• Inappropriate technology purchases can be the
  root of all problems
• The Bank management has to
• Give thought to the utilization rate
• Avoid knee-jerk reactions (they have done itI
  should also do it)
• Be impartial in technology decisions (I like
  that technologyI want it)
• Understand where the solution will fit AND where
  it wont!
• Assess the strengths weakness of solution
• And seek answer to are we ready for it?

14
Differentiation is attained not achieved just
through technology, it is gained in the way the
technology is selected, implemented and utilised
15
Regulation and Supervision The Challenge

• Challenge of Technology
• New markets, products, services, delivery
  channels
• Opened up a market for risks derivatives
• Challenge of financing tech firms IT
  innovation
• all have implications for the stability of banks
  and of the economy
• The Opportunity
• Regulators have new tools
• Focus of all recent financial sector reforms
• Emergence of non-intrusive, focused supervision
• with a view to prevent frauds and disturbances
  to financial stability

16
Technology and Banking Supervision
THE RBI RESPONSE
Offsite Supervision Monitoring OSMOS COSMOS
(Non banking Financial Companies / Development
Financial Institutions) UBD Soft Credit
Information Bureau (A joint venture between
Housing Development Finance Corporation Ltd.,
State Bank of India, Trans Union International
Inc. Dun Bradstreet Information Services
India Pvt. Ltd.) IS Audit done by authorized
agencies compliances thereof.
17
Currency Management and Technology
Opportunities Galore

• Currency Management - a formidable task in India
  given
• the geographical size, the volume and value of
  notes and coins in circulation, preference for
  cash and currency handling practices
• ...but technology offers immense opportunities to
  improve performance
• RBIs The Clean Note Policy (1999)
• Establishment of 2 state of the art currency
  presses
• Technology driven anti counterfeit measures
• 48 fully automated Currency Verification
  Processing Systems
• 21 Shredding and Briquetting Machines

18
Technology Monetary Systems

• The Opportunities
• The proliferation of IT has also set the stage
  for improving and managing risks in payment
  systems
• Electronic Trading Systems
• DVP/PVP
• RTGS
• Secured Netting Systems
• The growth of the Central Counterparty (CCP)
• Continuous Linked Settlement

19
IT and Payment and Settlement Systems
20
RBI INITIATIVES IN PAYMENT SETTLEMENT SYSTEMS
21
RBI Initiatives in Payment and Settlement Systems
(1)

• The IDRBT
• Network Externalities
• The Indian Financial Network (INFINET)
• Messaging Solutions
• The Structured Financial Messaging System (SFMS)
• Security
• Public Key Infrastructure
• IDRBT CA
• National Financial Switch
• Inter Bank Payment Gateway

22
(No Transcript)
23
PKI Hierarchy
24
NFS CONNECTIVITY with Existing Consortiums
Individual Banks
National Financial Switch E- Payment Gateway
ISDN
Bank 1
Bank N
Broad Band VSAT
CashNet
IP Address202.138.123.68 Subnet Mask
255.255.255.254 Location Mumbai
Primary Link Backup Link
25
RBI Initiatives in Payment and Settlement Systems
(2)

• A Real Time Gross Settlement System
• Reduction of systemic risk in inter bank
  payment systems
• To be implemented by the year end
• The Centralised Funds Settlement System
• Facilitating effective liquidity management
• The Negotiated Dealing System
• A modern electronic dealing platform for gilts
• Enabling Straight Through Processing

26
Real Time Gross Settlement
CFMS
IAS
Settlement Accounts
Intra Day Liquidity
SSS
IFTP
Strip Store Processes
RBI Payments and Actg. Entry Interface
INFINET
NSS
Participants Interface
Participants Interface
Participants Interface
27
RTGS Scenario

• 92 banks have implemented it
• 3-4 more to implement in a fortnight
• Customer transactions have already started
• Total volumes Transactions on average Rs.20,000
  crores per day settled continuously from the time
  of opening of markets
• Guarantee settlement fund

28
RBI Initiatives in Payment and Settlement Systems
(3)

• The Securities Settlement System
• Providing centralized depository and
  settlement services
• Seamlessly integrated with the NDS and RTGS
  Systems
• The Clearing Corporation of India
• Secured netting services with central
  counterparty arrangements
• G-Sec and Forex segments
• Elimination of settlement risks with liquidity
  saving elements

29
Smart Cards The Future

• Multi-application Smart Card
• Channel of the future
• Pilot project started
• Pilot Project funded by MCIT, Govt. of India
• The project is in progress in partnership with
  IDRBT, IIT Bombay, and Banks in India

30
RBI and Customer Service(1)
Dissemination of information The RBI website
Multiple Delivery Channels Coin Note
Dispensing Machines For the general public
Interactive Voice Response System For banks and
financial institutions Web server For
government customers On the anvil. A secured
web server SFMS/email based communication with
customers
31
RBI and Customer Service...(2)
Improvements in payment and settlement systems
MICR Clearing Enabling faster clearing of
cheques Cheque Truncation E-Cheques On the
drawing board ECS/EFT Enabling T2 settlement of
our equities market National EFT Enabling T0
settlement of all customer funds transfer
transactions
32
Issues in Implementation Less than 10 of
failures are due to technical snags most are
due to poor management and implementation

• Resistance to change
• Overlooking process reengineering
• Project management
• Dedicated project teams
• Change management
• Policies
• People Skills Training
• Basic Infrastructure telecom, power
• Security
• Privacy confidentiality
• Legal and regulatory issues

33
Pre-requisites for Technology
34
The pre-requisites for Technology

• Planning for disasters
• Increased operational risk
• Business Continuity Planning
• Business Process Re-engineering
• Human Resource Empowerment

35
Disaster Management

• An action plan to combat perceived
  threatscontains 3 different stages
• Prevention
• Rescue and relief
• Post-disaster rehabilitation
• The to-dos list
• Disaster recovery policy procedures
• Identification of critical tasks information
• Regular drills
• Training

36
Disaster Recovery Planning Cycle
Veritas
37
Getting Personal with Personnel

• People represent the most precious asset
• Large employee base largely untrained. Training
  scope methodology?
• VRS to balance costs. Break even? Down sizing?
• Bring in young blood
• Campus recruitment
• Re-defining designing jobs. Career paths?
• Specialist Vs. Generalist
• Attrition of trained employees to IT industry /
  other banks. Competitive incentives?
• Re-location of personnel. Union issues?
• Retrained personnel. Morale of employees?

38
Need for Training

• All these developments call for extensive,
  continuous training
• Current and future technology implementations
  call for at least 20 of officers specialise in
  IT
• Hence need for specially skilled people a mix
  of
• System administrators
• Application managers (knowledgeable about both
  banking and technology)
• Technology managers (who form the core team of
  technology professionals).

39
Some Security Related Matters
40
Security is aboutcementing the weak link

• Enemy will never strike at your strong pointsit
  will target the chinks in your armour
• Hencewhat is needed is
• Systematic, periodic review of security
  arrangements
• Locate the weak links build them
• It is not a one-time project, rather a
  continuous exercise

41
Computer Crimes

• Only 5 of cyber crimes in banks are reported in
  India, as opposed to 20 globally. Of these, over
  60 per cent are instances of internal fraud
  (NASSCOM)
• In August 2004 alone, the number of reported
  cyber crimes crossed 1,37,529 and the figure has
  been growing by 50 per cent year-on-year
• Occur in 3 ways
• Physical Crimes
• Data-Related Crimes
• Software-Related Crimes
• To combat the same, IT ACT 2000 is a step in the
  direction
• In addition, strong security measures (physical
  data) plus disaster recovery are essential

42
Security Controls

• Authentication of e-banking customers
• Non-repudiation and accountability for e-banking
  transactions
• Appropriate measures to ensure segregation of
  duties
• Proper authorisation controls within e-banking
  systems, databases and applications
• Data integrity of e-banking transactions, records
  and information
• Establishment of clear audit trails for e-baking
  transactions
• Confidentiality of key bank information

43
Physical Security Aspects

• Clearly defined responsibilities of Chief
  Security Officer
• Devise security policy programme
• Motivation education of security force
• Develop espirit-de-corps
• Training not only for security personnel for
  entire staff
• At security personnel level discipline and
  performance to be stressed
• Exercise caution in recruiting private security
  agencies do the groundwork well! What to look
  for
• Armed guards with licensed weapons
• Effective infrastructure for training the guards
• Credible Supervisory infrastructure and
• Security clearance by the State Government
  authorities

44
Physical Security Measures (1) Technology
deployment has gone into building stronger
physical security. Key developments

• Carriage Inspection Mirrors
• Hotlines/Autodialers and mobile phones
• Time Lock Systems
• Integrated Crisis Management (ICM) Arrangement.
• Magnetic Contacts/Sensors
• Glass Break Sensors
• Passive Infra-Red (PIR) Movement Sensors
• Vibration Detectors
• Door Frame or Hand Held Metal Detectors
  (DFMDs/HHMDs)

• Access Control Measures such as identity cards,
  entry permits, magnetic cards, computer vision or
  biometric control systems etc.
• Fire/Smoke detection systems, particularly which
  are covered by National Building Code
• Security Alarm Systems
• X-Ray Scanner Machines
• CCTV Systems
• Public address systems
• Hotline incl. Remote access wireless links
• Detection of chemicals and explosives using
  probes

45
Physical Security Measures (2)

• Speed Breakers
• Boom Barriers
• Remotely operated collapsing barriers
• Bollards
• Spike busters on wheels zigzag
• High mounted concealed cameras (photographing the
  number plates)

46
Surveillance camera
IR sensors
Inspection mirror
Smoke Alarm sensors
Finger-print reader
Specialty mirror for deterrence
Iris Scanner
X-ray scanner
Metal Detector
Access control -
Graded access to various levels
47
CCTV

• Perhaps the most critical element in
  administering and monitoring security
• Benefits
• Helps plan conduct security
• Eliminates grey zones in investigations
• Helps study behaviours of staff customers
• Identifies potential threat/losses
• Helps employees remain alert confident
• Minimum achievable objectives
• Early warning
• Recorded evidence
• Spot corrections
• Strong Deterrent

48
Physical DataSecurity What Else?

• Application of Biometrics (e.g, instead of just
  fingerprint, an Indian company uses the palmprint
  for identification)
• Use of infra-red sensors, beams detectors
• Specialised x-ray imaging can we detect if the
  currency in a sealed box is counterfeit?
• Issue with telephone connectivity can be just
  snappedcan remote wireless systems be used
  instead?
• What to with Data Securityif the data vanishes
  simply? Need to capture data on real-time basis
  at designated remote disaster recovery sites
• Not all bank branches are computerised then
  there will be issues of data security and
  integrity how to capture the data from the
  non-computerised branches at regional hubs etc.

49
How to Ensure Security??-A Framework
Assess
Respond
Protect
Detect
50
(No Transcript)
51
(No Transcript)
52
IDRBTs Solutions for Security Risk Management
(SRM)
RiskAssessment
GapAnalysis
IS Audit
SRMfor Banks
Policy ProceduresDevelopment
Awareness byTraining
INFINET
Implementation
PKI
53
Currency Management Movement of Treasure
54
Mechanized Sorting of Notes in the Chests

• Chests must send only unfit notes to RBI
• Desktop machines current costs must be made
  cheaper? Indigenous technology to be explored
• Easy to operate
• Reasonable capability to detect counterfeit notes
• Various range of processing speed in different
  models (15 to 25,000 pcs per hour)
• Also available on rent and lease (outsourcing by
  reliable third parties)
• Mechanized sorting is the only way to handle the
  increasing volume of soiled notes

55
Agencies Involved in Currency Management
Railways
RBI's
Presses
56
Movement of Treasure ..(1)

• Specially built trucks for short distance
  (journey completed during the day)
• Railways for long distance
• Guarded by police
• Remittance accompanied by officials of RBI to
  chests
• Further movement from chest to a branch done by
  the bank concerned should be done in utmost
  secrecy and nearest police stations kept on alert.

57
Movement of Treasure .. (2)

• These remittances are insured and it appears the
  miscreants are aware of insurance limits when
  robberies take place.
• Due diligence to be done on the transport
  operators including drivers and cleaners employed
  by them.
• Currency to be moved only in container trucks
  with tarpaulins etc. also good quality vehicles
  to be used
• GPRS has a major role to play (Radio Frequency
  Identification Detection (RFID) Technology)

58
Movement of Treasure GPRS Network System
In each state, we can drilldown exact location of
the vehicle
59


Cross-movement of Currency

Chandigarh


Noida
New Delhi


Jaipur
Lucknow

Guwahati

Kanpur


Patna
Bhopal



Salboni
Ahamadabad
Dewas


Calcutta
Calcutta


Nagpur


Bhuaneshwar
Nasik
Mumbai



Mumbai
Hyderabad
Byculla
Fresh Notes/Coins from Press/Mint pass on to the
banks/public only through RBI offices hence
cross-movement

Hyderabad
Press



Banglore
Mysore
Mint


Chennai
Issue Offices


Trivandrum
60
The future will be not be more of the same  
we need to be ready..
Thank You