21.01.2014 Views

The Future of Banking-andhrabank-nov4-04.pdf - IDRBT

The Future of Banking-andhrabank-nov4-04.pdf - IDRBT

The Future of Banking-andhrabank-nov4-04.pdf - IDRBT

SHOW MORE
SHOW LESS

You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

<strong>The</strong> <strong>Future</strong> <strong>of</strong> <strong>Banking</strong><br />

&<br />

Some Security Related Matters<br />

(November 4, 2004)<br />

at Andhra Bank<br />

by<br />

Vepa Kamesam<br />

Former Deputy Governor, RBI<br />

Currently Chairman, <strong>IDRBT</strong>/BRBNML


Technology and <strong>Banking</strong><br />

<strong>The</strong> Quintessence Nature <strong>of</strong> <strong>Banking</strong> harmonizes<br />

closely with Technology –<br />

Tasks Common to<br />

Both<br />

<strong>Banking</strong><br />

Information<br />

Storage<br />

Processing<br />

Transmission<br />

Technology<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Innovative Risk<br />

Management<br />

Complex Credit<br />

Calculations<br />

Pervasive Branch<br />

Network<br />

Mass Transaction<br />

& Items Processing<br />

Global Operations<br />

<strong>Banking</strong> and Technology<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Many Benefits <strong>of</strong> Technology<br />

• Increased operational efficiency, pr<strong>of</strong>itability &<br />

productivity<br />

• Superior customer service<br />

• Multi-channel, real-time transaction processing<br />

• Better cross-selling ability<br />

• Improved management and accountability<br />

• Efficient NPA and risk management<br />

• Minimal transaction costs<br />

• Improved financial analyses capabilities<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Focus aspects <strong>of</strong> Commercial <strong>Banking</strong><br />

now are:<br />

BANK’S BUSINESS<br />

RAISING DEPOSITS<br />

Core<br />

<strong>Banking</strong> (CBS)<br />

Electronic<br />

<strong>Banking</strong><br />

Any Branch<br />

<strong>Banking</strong><br />

CRM<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

MIS &<br />

Intranet<br />

CORPORATE<br />

NETWORK<br />

Risk<br />

Management<br />

BANK’S BUSINESS<br />

November 4, 2004<br />

ATMs<br />

POS Terminals<br />

and Cash<br />

dispenser<br />

Card<br />

Management<br />

Document<br />

Management<br />

Resource<br />

Management<br />

LOANS & MISC. SERVICES<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Financial Technology Infrastructure<br />

Data Center to host servers for:<br />

• CBS<br />

• ATM/Financial Switch<br />

• Internet <strong>Banking</strong><br />

• DW/DM/CRM/MIS etc.<br />

• Back-<strong>of</strong>fice Application<br />

• E-mail Servers, Internet Server,<br />

Enterprise-wide Network & Networking<br />

Equipment<br />

Security Systems<br />

Systems at Branches/RO/ZO/CO Depts.<br />

Supporting Systems<br />

Disaster Recovery Site & Business Continuity<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Technology – A Differentiator<br />

Technology is indeed a differentiator not only in<br />

terms <strong>of</strong> competitive advantage, but also in<br />

terms <strong>of</strong> administrative and back-end<br />

processes….<br />

But…due to rapid technology deployment in<br />

Indian banking sector, the “haves” and<br />

“have-nots” gap is all set to narrow quickly.<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


How Long a Differentiator?<br />

• <strong>The</strong>n….can technology be enough <strong>of</strong> a differentiator?<br />

• Any new technology or technology-enabled process can<br />

act as a differentiator or a competitive edge for some<br />

level <strong>of</strong> time.<br />

• After that time, the technology still has to be adopted as<br />

a “necessity” and as a cost <strong>of</strong> doing business<br />

Thanks to shortening technology life cycles, it would be<br />

short sighted to assume that technology would be a long<br />

term differentiator…<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


For Long-Term Differentiation<br />

Elements <strong>of</strong> Technology as a<br />

Differentiator<br />

Scalability<br />

&<br />

Flexibility<br />

Efficient<br />

utilisation,<br />

mgmt<br />

Process<br />

enabling<br />

Utility to<br />

customer<br />

Support<br />

Skills<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Issues with Customers<br />

Not only employees, there are<br />

problems for customers too<br />

when a new technology<br />

arrives…<br />

• <strong>The</strong> major challenges –<br />

– Comfort levels<br />

– Security and trust issues<br />

– Convenience factor<br />

– Getting rid <strong>of</strong> myths<br />

– Migration from existing to new<br />

systems<br />

– Changing the habits<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


POS Terminal and Cash Dispenser<br />

POS Terminal<br />

Connected to<br />

Cash dispenser<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Electronic<br />

<strong>Banking</strong><br />

ATM<br />

Branch<br />

<strong>Banking</strong><br />

Branch 2<br />

Branch 3<br />

Branch 1<br />

Head Office<br />

Branch 4<br />

Branch n<br />

Branch 6<br />

Branch 5<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Technology Acquisition<br />

• Inappropriate technology purchases can be the root<br />

<strong>of</strong> all problems…<br />

• <strong>The</strong> Bank management has to:<br />

– Give thought to the utilization rate<br />

– Avoid “knee-jerk” reactions (“they have done it…I should<br />

also do it”)<br />

– Be impartial in technology decisions (“I like that<br />

technology…I want it”)<br />

– Understand where the solution will fit AND where it<br />

won’t!<br />

– Assess the strengths & weakness <strong>of</strong> solution<br />

– And seek answer to “are we ready for it?”<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Differentiation is attained not achieved just through<br />

technology, it is gained in the way the technology is selected,<br />

implemented and utilised<br />

•Goal definition<br />

•Integrating<br />

business &<br />

technology goals<br />

•Solution features<br />

•Vendor selection<br />

•Business process<br />

re-engineering<br />

•Change<br />

management<br />

Technology<br />

For Sustained<br />

Differentiation<br />

•Efficient utilisation<br />

•Customer utility<br />

•Technology<br />

Management<br />

•Support functions<br />

•Maintenance<br />

•Back-ups and<br />

Disaster Recovery<br />

•Scalability &<br />

flexibility<br />

•Learning &<br />

evolution<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Regulation and Supervision –<br />

<strong>The</strong> Challenge<br />

Challenge <strong>of</strong> Technology:<br />

New markets, products, services, delivery channels<br />

Opened up a market for “risks” – derivatives<br />

Challenge <strong>of</strong> financing tech firms & IT innovation<br />

all have implications for the stability <strong>of</strong> banks and <strong>of</strong> the<br />

economy<br />

<strong>The</strong> Opportunity<br />

Regulators have new tools<br />

Focus <strong>of</strong> all recent financial sector reforms<br />

Emergence <strong>of</strong> non-intrusive, focused supervision<br />

…with a view to prevent frauds and disturbances to<br />

financial stability<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Technology and <strong>Banking</strong><br />

THE RBI RESPONSE<br />

Supervision<br />

Offsite Supervision & Monitoring<br />

OSMOS<br />

COSMOS (Non banking Financial Companies /<br />

Development Financial Institutions)<br />

UBD S<strong>of</strong>t<br />

Credit Information Bureau (A joint venture<br />

between Housing Development Finance<br />

Corporation Ltd., State Bank <strong>of</strong> India, Trans<br />

Union International Inc. & Dun & Bradstreet<br />

Information Services India Pvt. Ltd.)<br />

IS Audit done by authorized agencies &<br />

compliances there<strong>of</strong>.<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Currency Management and<br />

Technology – Opportunities Galore<br />

Currency Management - a formidable task in India<br />

given…<br />

• the geographical size, the volume and value <strong>of</strong> notes and coins in<br />

circulation, preference for cash and currency handling practices<br />

• ...but technology <strong>of</strong>fers immense opportunities to improve<br />

performance<br />

RBI’s <strong>The</strong> Clean Note Policy (1999)<br />

Establishment <strong>of</strong> 2 state <strong>of</strong> the art currency presses<br />

Technology driven anti counterfeit measures<br />

48 fully automated Currency Verification & Processing Systems<br />

21 Shredding and Briquetting Machines<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Technology & Monetary Systems<br />

<strong>The</strong> Opportunities –<br />

• <strong>The</strong> proliferation <strong>of</strong> IT has also set the stage for<br />

improving and managing risks in payment systems<br />

– Electronic Trading Systems<br />

– DVP/PVP<br />

–RTGS<br />

– Secured Netting Systems<br />

– <strong>The</strong> growth <strong>of</strong> the Central Counterparty (CCP)<br />

– Continuous Linked Settlement<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Continuous<br />

Linked<br />

Settlement<br />

Central<br />

Counter<br />

party<br />

Secured<br />

Netting<br />

Systems<br />

Payment<br />

Versus<br />

Payment<br />

IT and Payment and<br />

Settlement Systems<br />

Delivery<br />

Versus<br />

Payments<br />

Electronic<br />

Dealing<br />

Platforms<br />

Real<br />

Time<br />

Gross<br />

Settlement<br />

Demateria<br />

-lisation<br />

Of<br />

Securities<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004 Vepa Kamesam, Chairman <strong>IDRBT</strong>


NEFT<br />

NFS/IBPG<br />

CFMS<br />

PKI-based<br />

Security<br />

SFMS<br />

INFINE<br />

T<br />

<strong>IDRBT</strong><br />

RBI<br />

INITIATIVES<br />

IN PAYMENT<br />

&<br />

SETTLEMENT<br />

SYSTEMS<br />

RTGS<br />

PDO-NDS & SSS<br />

Compliance with<br />

BIS Core Principles<br />

Clearing<br />

Corporation<br />

<strong>of</strong> India<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


RBI Initiatives in Payment<br />

and Settlement Systems (1)<br />

<strong>The</strong> <strong>IDRBT</strong><br />

• Network Externalities<br />

• <strong>The</strong> Indian Financial Network (INFINET)<br />

• Messaging Solutions<br />

• <strong>The</strong> Structured Financial Messaging System (SFMS)<br />

• Security<br />

• Public Key Infrastructure<br />

• <strong>IDRBT</strong> CA<br />

• National Financial Switch<br />

• Inter Bank Payment Gateway<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


JAMMU<br />

CHANDIGARH<br />

IN FIN ET Le a se d Line Ne tw o rk<br />

JAIPUR<br />

DELHI<br />

LUCKNOW<br />

KANPUR<br />

BHOPAL<br />

CALCUTTA<br />

AHMEDABAD<br />

GUWAHATI<br />

MUMBAI<br />

PATNA<br />

GOA<br />

NAGPUR<br />

PUNE<br />

BANGALORE<br />

BHUBANESHWAR<br />

HYDERABAD<br />

RBI<br />

KOCHI<br />

CHENNAI<br />

<strong>IDRBT</strong><br />

HYDERABAD<br />

THIRUVANANTHAPURAM<br />

4 X 2 Mbps<br />

2 X 2 Mbps<br />

2 Mbps with<br />

ISDN Backup<br />

2 Mbps<br />

64 Kbps<br />

CUG links<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


PKI Hierarchy<br />

CCA<br />

<strong>IDRBT</strong> CA<br />

Repository<br />

<strong>IDRBT</strong> CA<br />

RA<br />

RA<br />

RA<br />

Subscriber<br />

Subscriber Subscriber Subscriber<br />

Subscriber<br />

Subscriber<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


NFS CONNECTIVITY with Existing Consortiums & Individual Banks<br />

ISDN<br />

National Financial Switch &<br />

E- Payment Gateway<br />

ISDN<br />

Leased Line<br />

Leased Line<br />

Bank 1<br />

Bank 2<br />

ISDN<br />

INFINET<br />

Leased Line<br />

Broad Band VSAT<br />

Bank N<br />

ISDN<br />

Leased Line<br />

Leased Line<br />

ISDN<br />

ISDN<br />

CashNet<br />

IP Address:202.138.123.68<br />

Subnet Mask: 255.255.255.254<br />

Location: Mumbai<br />

MITR<br />

Location: Chennai<br />

BANCS & Cashtree<br />

Location: Mumbai<br />

Primary Link<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Backup Link<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


RBI Initiatives in Payment<br />

and Settlement Systems (2)<br />

A Real Time Gross Settlement System<br />

• Reduction <strong>of</strong> systemic risk in inter bank<br />

payment systems<br />

• To be implemented by the year end<br />

<strong>The</strong> Centralised Funds Settlement System<br />

• Facilitating effective liquidity management<br />

<strong>The</strong> Negotiated Dealing System<br />

• A modern electronic dealing platform for gilts<br />

• Enabling Straight Through Processing<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


CFMS<br />

Real Time<br />

Gross<br />

Settlement<br />

Intra Day<br />

Liquidity<br />

SSS<br />

Settlement<br />

Accounts<br />

IFTP Strip & Store<br />

Processes<br />

RBI Payments and<br />

Actg. Entry<br />

Interface<br />

INFINET<br />

NSS<br />

Participant’s<br />

Interface<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

Participant’s<br />

Interface<br />

November 4, 2004<br />

Participant’s<br />

Interface<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


RTGS Scenario<br />

• 92 banks have implemented it<br />

• 3-4 more to implement in a fortnight<br />

• Customer transactions have already started<br />

• Total volumes – Transactions on average<br />

Rs.20,000 crores per day settled continuously<br />

from the time <strong>of</strong> opening <strong>of</strong> markets<br />

• Guarantee settlement fund<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


RBI Initiatives in Payment<br />

and Settlement Systems (3)<br />

<strong>The</strong> Securities Settlement System<br />

• Providing centralized depository and<br />

settlement services<br />

• Seamlessly integrated with the NDS and<br />

RTGS Systems<br />

<strong>The</strong> Clearing Corporation <strong>of</strong> India<br />

• Secured netting services with central<br />

counterparty arrangements<br />

• G-Sec and Forex segments<br />

• Elimination <strong>of</strong> settlement risks with liquidity<br />

saving elements<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Smart Cards – <strong>The</strong> <strong>Future</strong><br />

• Multi-application Smart Card<br />

• Channel <strong>of</strong> the future<br />

• Pilot project started<br />

• Pilot Project funded by MCIT, Govt. <strong>of</strong><br />

India<br />

• <strong>The</strong> project is in progress in partnership<br />

with <strong>IDRBT</strong>, IIT Bombay, and Banks in<br />

India<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


RBI and Customer Service…(1)<br />

Dissemination <strong>of</strong> information<br />

<strong>The</strong> RBI website<br />

Multiple Delivery Channels<br />

Coin & Note Dispensing Machines<br />

For the general public<br />

Interactive Voice Response System<br />

For banks and financial institutions<br />

Web server<br />

For government customers<br />

On the anvil….<br />

A secured web server<br />

SFMS/email based communication<br />

with customers<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


RBI and Customer Service...(2)<br />

Improvements in payment and settlement<br />

systems<br />

MICR Clearing<br />

Enabling faster clearing <strong>of</strong> cheques<br />

Cheque Truncation & E-Cheques<br />

On the drawing board<br />

ECS/EFT<br />

Enabling T+2 settlement <strong>of</strong> our equities<br />

market<br />

National EFT<br />

Enabling T+0 settlement <strong>of</strong> all<br />

customer funds transfer transactions<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Issues in Implementation<br />

“Less than 10% <strong>of</strong> failures are due to technical snags – most are due to<br />

poor management and implementation”<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Resistance to change<br />

Overlooking process<br />

reengineering<br />

Project management<br />

Dedicated project teams<br />

Change management<br />

Policies<br />

People Skills & Training<br />

Basic Infrastructure – telecom,<br />

power<br />

Security<br />

Privacy & confidentiality<br />

Legal and regulatory issues<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Pre-requisites for Technology<br />

Human Resource<br />

Empowerment<br />

Business Process<br />

Re-engineering<br />

engineering<br />

Planning for<br />

Disasters<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


<strong>The</strong> pre-requisites for<br />

Technology<br />

Planning for disasters<br />

• Increased operational risk<br />

• Business Continuity Planning<br />

Business Process Re-engineering<br />

Human Resource Empowerment<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Disaster Management<br />

• An action plan to combat perceived<br />

threats…contains 3 different stages:<br />

– Prevention<br />

– Rescue and relief<br />

– Post-disaster rehabilitation<br />

• <strong>The</strong> “to-do’s” list<br />

– Disaster recovery policy & procedures<br />

– Identification <strong>of</strong> critical tasks & information<br />

– Regular drills<br />

– Training<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Disaster Recovery Planning Cycle<br />

Veritas<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Getting Personal with Personnel<br />

People represent the most precious asset<br />

• Large employee base – largely untrained. Training<br />

scope & methodology?<br />

• VRS to balance costs. Break even? Down sizing?<br />

• Bring in young blood<br />

• Campus recruitment<br />

• Re-defining & designing jobs. Career paths?<br />

• Specialist Vs. Generalist<br />

• Attrition <strong>of</strong> trained employees to IT industry / other<br />

banks. Competitive incentives?<br />

• Re-location <strong>of</strong> personnel. Union issues?<br />

• Retrained personnel. Morale <strong>of</strong> employees?<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Need for Training<br />

• All these developments call for extensive, continuous<br />

training<br />

• Current and future technology implementations call<br />

for at least 20% <strong>of</strong> <strong>of</strong>ficers specialise in IT<br />

• Hence need for specially skilled people – a mix <strong>of</strong>:<br />

– System administrators<br />

– Application managers (knowledgeable about both banking<br />

and technology)<br />

– Technology managers (who form the core team <strong>of</strong> technology<br />

pr<strong>of</strong>essionals).<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Some Security<br />

Related Matters<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Security is about…cementing<br />

the weak link<br />

• Enemy will never strike at your strong<br />

points…it will target the chinks in<br />

your armour<br />

• Hence…what is needed is:<br />

– Systematic, periodic review <strong>of</strong> security<br />

arrangements<br />

– Locate the weak links & build them<br />

• It is not a “one-time” project, rather a<br />

continuous exercise<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Computer Crimes<br />

• Only 5% <strong>of</strong> cyber crimes in banks are reported in India,<br />

as opposed to 20% globally. Of these, over 60 per cent<br />

are instances <strong>of</strong> internal fraud (NASSCOM)<br />

• In August 2004 alone, the number <strong>of</strong> reported cyber<br />

crimes crossed 1,37,529 and the figure has been growing<br />

by 50 per cent year-on-year<br />

• Occur in 3 ways:<br />

– Physical Crimes<br />

– Data-Related Crimes<br />

– S<strong>of</strong>tware-Related Crimes<br />

• To combat the same, IT ACT 2000 is a step in the<br />

direction<br />

• In addition, strong security measures (physical & data)<br />

plus disaster recovery are essential<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Security Controls<br />

• Authentication <strong>of</strong> e-banking customers<br />

• Non-repudiation and accountability for e-<br />

banking transactions<br />

• Appropriate measures to ensure segregation <strong>of</strong><br />

duties<br />

• Proper authorisation controls within e-banking<br />

systems, databases and applications<br />

• Data integrity <strong>of</strong> e-banking transactions, records<br />

and information<br />

• Establishment <strong>of</strong> clear audit trails for e-baking<br />

transactions<br />

• Confidentiality <strong>of</strong> key bank information<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Physical Security Aspects<br />

• Clearly defined responsibilities <strong>of</strong> Chief Security Officer:<br />

– Devise security policy & programme<br />

– Motivation & education <strong>of</strong> security force<br />

– Develop espirit-de-corps<br />

• Training not only for security personnel for entire staff<br />

• At security personnel level – discipline and performance to<br />

be stressed<br />

• Exercise caution in recruiting private security agencies – do<br />

the groundwork well! What to look for:<br />

– Armed guards with licensed weapons<br />

– Effective infrastructure for training the guards<br />

– Credible Supervisory infrastructure and<br />

– Security clearance by the State Government authorities<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Physical Security Measures (1)<br />

Technology deployment has gone into building stronger<br />

physical security. Key developments<br />

• Access Control Measures such<br />

as identity cards, entry permits,<br />

magnetic cards, computer vision<br />

or biometric control systems<br />

etc.<br />

• Fire/Smoke detection systems,<br />

particularly which are covered<br />

by National Building Code<br />

• Security Alarm Systems<br />

• X-Ray Scanner Machines<br />

• CCTV Systems<br />

• Public address systems<br />

• Hotline incl. Remote access<br />

wireless links<br />

• Detection <strong>of</strong> chemicals and<br />

explosives using probes<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

• Carriage Inspection Mirrors<br />

• Hotlines/Autodialers and mobile<br />

phones<br />

• Time Lock Systems<br />

• Integrated Crisis Management<br />

(ICM) Arrangement.<br />

• Magnetic Contacts/Sensors<br />

• Glass Break Sensors<br />

• Passive Infra-Red (PIR)<br />

Movement Sensors<br />

• Vibration Detectors<br />

• Door Frame or Hand Held Metal<br />

Detectors (DFMDs/HHMDs)<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Physical Security Measures (2)<br />

• Speed Breakers<br />

• Boom Barriers<br />

• Remotely operated collapsing barriers<br />

• Bollards<br />

• Spike busters – on wheels – zigzag<br />

• High mounted concealed cameras (photographing<br />

the number plates)<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Inspection mirror<br />

Surveillance camera<br />

IR sensors<br />

Smoke Alarm<br />

sensors<br />

Specialty mirror<br />

for deterrence<br />

Finger-print<br />

reader<br />

X-ray scanner<br />

Iris<br />

Scanner<br />

Metal Detector<br />

Access<br />

control -<br />

Graded access to<br />

various levels<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


CCTV<br />

• Perhaps the most critical element in administering and<br />

monitoring security<br />

• Benefits:<br />

– Helps plan & conduct security<br />

– Eliminates grey zones in investigations<br />

– Helps study behaviours <strong>of</strong> staff & customers<br />

– Identifies potential threat/losses<br />

– Helps employees remain alert & confident<br />

• Minimum achievable objectives:<br />

–Early warning<br />

– Recorded evidence<br />

– Spot corrections<br />

– Strong Deterrent<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Physical & DataSecurity – What Else?<br />

• Application <strong>of</strong> Biometrics (e.g, instead <strong>of</strong> just fingerprint,<br />

an Indian company uses the palmprint for identification)<br />

• Use <strong>of</strong> infra-red sensors, beams & detectors<br />

• Specialised x-ray imaging – can we detect if the currency<br />

in a sealed box is counterfeit?<br />

• Issue with telephone connectivity – can be just<br />

snapped…can remote wireless systems be used instead?<br />

• What to with Data Security…if the data vanishes simply?<br />

Need to capture data on real-time basis at designated<br />

remote disaster recovery sites<br />

• Not all bank branches are computerised – then there will<br />

be issues <strong>of</strong> data security and integrity & how to capture<br />

the data from the non-computerised branches at regional<br />

hubs etc.<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


How to Ensure Security??-A Framework<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


<strong>IDRBT</strong>’s Solutions for Security<br />

Risk Management (SRM)<br />

Risk<br />

Assessment<br />

IS Audit<br />

Awareness by<br />

Training<br />

SRM<br />

for<br />

Banks<br />

Gap<br />

Analysis<br />

Policy &<br />

Procedures<br />

Development<br />

PKI<br />

Implementation<br />

INFINET<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Currency Management<br />

&<br />

Movement <strong>of</strong> Treasure<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Mechanized Sorting <strong>of</strong><br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

Notes in the Chests<br />

• Chests must send only unfit notes to RBI<br />

• Desktop machines – current costs must be<br />

made cheaper? Indigenous technology to be<br />

explored<br />

• Easy to operate<br />

• Reasonable capability to detect counterfeit<br />

notes<br />

• Various range <strong>of</strong> processing speed in different<br />

models (15 to 25,000 pcs per hour)<br />

• Also available on rent and lease (outsourcing<br />

by reliable third parties)<br />

• Mechanized sorting is the only way to handle<br />

the increasing volume <strong>of</strong> soiled notes<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Agencies Involved in<br />

Currency Management<br />

Police<br />

MOF<br />

Railways<br />

RBI<br />

RBI's<br />

Presses<br />

Govt<br />

Presses<br />

Mints<br />

Banks<br />

(chests)<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Movement <strong>of</strong> Treasure ..(1)<br />

• Specially built trucks for short distance<br />

(journey completed during the day)<br />

• Railways for long distance<br />

• Guarded by police<br />

• Remittance accompanied by <strong>of</strong>ficials <strong>of</strong><br />

RBI to chests<br />

• Further movement from chest to a<br />

branch done by the bank concerned<br />

should be done in utmost secrecy and<br />

nearest police stations kept on alert.<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Movement <strong>of</strong> Treasure .. (2)<br />

•<strong>The</strong>se remittances are insured and it appears<br />

the miscreants are aware <strong>of</strong> insurance limits<br />

when robberies take place.<br />

•Due diligence to be done on the transport<br />

operators including drivers and cleaners<br />

employed by them.<br />

•Currency to be moved only in container<br />

trucks with tarpaulins etc. – also good quality<br />

vehicles to be used<br />

•GPRS has a major role to play (Radio<br />

Frequency Identification & Detection (RFID)<br />

Technology)<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Movement <strong>of</strong> Treasure<br />

GPRS Network System<br />

Uttar Pradesh<br />

Rajasthan<br />

Bihar<br />

Base Station<br />

Network Manager<br />

Maharashtra<br />

Kerala<br />

Andhra Pradesh<br />

In each state, we can drilldown<br />

exact location <strong>of</strong> the vehicle<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


Chandigarh<br />

Cross-movement <strong>of</strong> Currency<br />

Noida<br />

New Delhi<br />

Jaipur<br />

Lucknow<br />

Guwahati<br />

Kanpur<br />

Bhopal<br />

Patna<br />

Ahamadabad<br />

Dewas<br />

Salboni<br />

Calcutta<br />

Calcutta<br />

Mumbai<br />

Nasik<br />

Nagpur<br />

Bhuaneshwar<br />

Mumbai<br />

Byculla<br />

Hyderabad<br />

Hyderabad<br />

Mysore Banglore<br />

Chennai<br />

Trivandrum<br />

Press<br />

Mint<br />

Issue Offices<br />

Fresh Notes/Coins from<br />

Press/Mint pass on to<br />

the banks/public only<br />

through RBI <strong>of</strong>fices –<br />

hence cross-movement<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>


<strong>The</strong> future will be not be more <strong>of</strong><br />

the same…<br />

… we need to be ready..<br />

INSTITUTE FOR DEVELOPMENT AND<br />

RESEARCH IN BANKING TECHNOLOGY<br />

November 4, 2004<br />

Vepa Kamesam, Chairman <strong>IDRBT</strong>

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!