The Future of Banking-andhrabank-nov4-04.pdf - IDRBT
The Future of Banking-andhrabank-nov4-04.pdf - IDRBT
The Future of Banking-andhrabank-nov4-04.pdf - IDRBT
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>The</strong> <strong>Future</strong> <strong>of</strong> <strong>Banking</strong><br />
&<br />
Some Security Related Matters<br />
(November 4, 2004)<br />
at Andhra Bank<br />
by<br />
Vepa Kamesam<br />
Former Deputy Governor, RBI<br />
Currently Chairman, <strong>IDRBT</strong>/BRBNML
Technology and <strong>Banking</strong><br />
<strong>The</strong> Quintessence Nature <strong>of</strong> <strong>Banking</strong> harmonizes<br />
closely with Technology –<br />
Tasks Common to<br />
Both<br />
<strong>Banking</strong><br />
Information<br />
Storage<br />
Processing<br />
Transmission<br />
Technology<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Innovative Risk<br />
Management<br />
Complex Credit<br />
Calculations<br />
Pervasive Branch<br />
Network<br />
Mass Transaction<br />
& Items Processing<br />
Global Operations<br />
<strong>Banking</strong> and Technology<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Many Benefits <strong>of</strong> Technology<br />
• Increased operational efficiency, pr<strong>of</strong>itability &<br />
productivity<br />
• Superior customer service<br />
• Multi-channel, real-time transaction processing<br />
• Better cross-selling ability<br />
• Improved management and accountability<br />
• Efficient NPA and risk management<br />
• Minimal transaction costs<br />
• Improved financial analyses capabilities<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Focus aspects <strong>of</strong> Commercial <strong>Banking</strong><br />
now are:<br />
BANK’S BUSINESS<br />
RAISING DEPOSITS<br />
Core<br />
<strong>Banking</strong> (CBS)<br />
Electronic<br />
<strong>Banking</strong><br />
Any Branch<br />
<strong>Banking</strong><br />
CRM<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
MIS &<br />
Intranet<br />
CORPORATE<br />
NETWORK<br />
Risk<br />
Management<br />
BANK’S BUSINESS<br />
November 4, 2004<br />
ATMs<br />
POS Terminals<br />
and Cash<br />
dispenser<br />
Card<br />
Management<br />
Document<br />
Management<br />
Resource<br />
Management<br />
LOANS & MISC. SERVICES<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Financial Technology Infrastructure<br />
Data Center to host servers for:<br />
• CBS<br />
• ATM/Financial Switch<br />
• Internet <strong>Banking</strong><br />
• DW/DM/CRM/MIS etc.<br />
• Back-<strong>of</strong>fice Application<br />
• E-mail Servers, Internet Server,<br />
Enterprise-wide Network & Networking<br />
Equipment<br />
Security Systems<br />
Systems at Branches/RO/ZO/CO Depts.<br />
Supporting Systems<br />
Disaster Recovery Site & Business Continuity<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Technology – A Differentiator<br />
Technology is indeed a differentiator not only in<br />
terms <strong>of</strong> competitive advantage, but also in<br />
terms <strong>of</strong> administrative and back-end<br />
processes….<br />
But…due to rapid technology deployment in<br />
Indian banking sector, the “haves” and<br />
“have-nots” gap is all set to narrow quickly.<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
How Long a Differentiator?<br />
• <strong>The</strong>n….can technology be enough <strong>of</strong> a differentiator?<br />
• Any new technology or technology-enabled process can<br />
act as a differentiator or a competitive edge for some<br />
level <strong>of</strong> time.<br />
• After that time, the technology still has to be adopted as<br />
a “necessity” and as a cost <strong>of</strong> doing business<br />
Thanks to shortening technology life cycles, it would be<br />
short sighted to assume that technology would be a long<br />
term differentiator…<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
For Long-Term Differentiation<br />
Elements <strong>of</strong> Technology as a<br />
Differentiator<br />
Scalability<br />
&<br />
Flexibility<br />
Efficient<br />
utilisation,<br />
mgmt<br />
Process<br />
enabling<br />
Utility to<br />
customer<br />
Support<br />
Skills<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Issues with Customers<br />
Not only employees, there are<br />
problems for customers too<br />
when a new technology<br />
arrives…<br />
• <strong>The</strong> major challenges –<br />
– Comfort levels<br />
– Security and trust issues<br />
– Convenience factor<br />
– Getting rid <strong>of</strong> myths<br />
– Migration from existing to new<br />
systems<br />
– Changing the habits<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
POS Terminal and Cash Dispenser<br />
POS Terminal<br />
Connected to<br />
Cash dispenser<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Electronic<br />
<strong>Banking</strong><br />
ATM<br />
Branch<br />
<strong>Banking</strong><br />
Branch 2<br />
Branch 3<br />
Branch 1<br />
Head Office<br />
Branch 4<br />
Branch n<br />
Branch 6<br />
Branch 5<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Technology Acquisition<br />
• Inappropriate technology purchases can be the root<br />
<strong>of</strong> all problems…<br />
• <strong>The</strong> Bank management has to:<br />
– Give thought to the utilization rate<br />
– Avoid “knee-jerk” reactions (“they have done it…I should<br />
also do it”)<br />
– Be impartial in technology decisions (“I like that<br />
technology…I want it”)<br />
– Understand where the solution will fit AND where it<br />
won’t!<br />
– Assess the strengths & weakness <strong>of</strong> solution<br />
– And seek answer to “are we ready for it?”<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Differentiation is attained not achieved just through<br />
technology, it is gained in the way the technology is selected,<br />
implemented and utilised<br />
•Goal definition<br />
•Integrating<br />
business &<br />
technology goals<br />
•Solution features<br />
•Vendor selection<br />
•Business process<br />
re-engineering<br />
•Change<br />
management<br />
Technology<br />
For Sustained<br />
Differentiation<br />
•Efficient utilisation<br />
•Customer utility<br />
•Technology<br />
Management<br />
•Support functions<br />
•Maintenance<br />
•Back-ups and<br />
Disaster Recovery<br />
•Scalability &<br />
flexibility<br />
•Learning &<br />
evolution<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Regulation and Supervision –<br />
<strong>The</strong> Challenge<br />
Challenge <strong>of</strong> Technology:<br />
New markets, products, services, delivery channels<br />
Opened up a market for “risks” – derivatives<br />
Challenge <strong>of</strong> financing tech firms & IT innovation<br />
all have implications for the stability <strong>of</strong> banks and <strong>of</strong> the<br />
economy<br />
<strong>The</strong> Opportunity<br />
Regulators have new tools<br />
Focus <strong>of</strong> all recent financial sector reforms<br />
Emergence <strong>of</strong> non-intrusive, focused supervision<br />
…with a view to prevent frauds and disturbances to<br />
financial stability<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Technology and <strong>Banking</strong><br />
THE RBI RESPONSE<br />
Supervision<br />
Offsite Supervision & Monitoring<br />
OSMOS<br />
COSMOS (Non banking Financial Companies /<br />
Development Financial Institutions)<br />
UBD S<strong>of</strong>t<br />
Credit Information Bureau (A joint venture<br />
between Housing Development Finance<br />
Corporation Ltd., State Bank <strong>of</strong> India, Trans<br />
Union International Inc. & Dun & Bradstreet<br />
Information Services India Pvt. Ltd.)<br />
IS Audit done by authorized agencies &<br />
compliances there<strong>of</strong>.<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Currency Management and<br />
Technology – Opportunities Galore<br />
Currency Management - a formidable task in India<br />
given…<br />
• the geographical size, the volume and value <strong>of</strong> notes and coins in<br />
circulation, preference for cash and currency handling practices<br />
• ...but technology <strong>of</strong>fers immense opportunities to improve<br />
performance<br />
RBI’s <strong>The</strong> Clean Note Policy (1999)<br />
Establishment <strong>of</strong> 2 state <strong>of</strong> the art currency presses<br />
Technology driven anti counterfeit measures<br />
48 fully automated Currency Verification & Processing Systems<br />
21 Shredding and Briquetting Machines<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Technology & Monetary Systems<br />
<strong>The</strong> Opportunities –<br />
• <strong>The</strong> proliferation <strong>of</strong> IT has also set the stage for<br />
improving and managing risks in payment systems<br />
– Electronic Trading Systems<br />
– DVP/PVP<br />
–RTGS<br />
– Secured Netting Systems<br />
– <strong>The</strong> growth <strong>of</strong> the Central Counterparty (CCP)<br />
– Continuous Linked Settlement<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Continuous<br />
Linked<br />
Settlement<br />
Central<br />
Counter<br />
party<br />
Secured<br />
Netting<br />
Systems<br />
Payment<br />
Versus<br />
Payment<br />
IT and Payment and<br />
Settlement Systems<br />
Delivery<br />
Versus<br />
Payments<br />
Electronic<br />
Dealing<br />
Platforms<br />
Real<br />
Time<br />
Gross<br />
Settlement<br />
Demateria<br />
-lisation<br />
Of<br />
Securities<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004 Vepa Kamesam, Chairman <strong>IDRBT</strong>
NEFT<br />
NFS/IBPG<br />
CFMS<br />
PKI-based<br />
Security<br />
SFMS<br />
INFINE<br />
T<br />
<strong>IDRBT</strong><br />
RBI<br />
INITIATIVES<br />
IN PAYMENT<br />
&<br />
SETTLEMENT<br />
SYSTEMS<br />
RTGS<br />
PDO-NDS & SSS<br />
Compliance with<br />
BIS Core Principles<br />
Clearing<br />
Corporation<br />
<strong>of</strong> India<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
RBI Initiatives in Payment<br />
and Settlement Systems (1)<br />
<strong>The</strong> <strong>IDRBT</strong><br />
• Network Externalities<br />
• <strong>The</strong> Indian Financial Network (INFINET)<br />
• Messaging Solutions<br />
• <strong>The</strong> Structured Financial Messaging System (SFMS)<br />
• Security<br />
• Public Key Infrastructure<br />
• <strong>IDRBT</strong> CA<br />
• National Financial Switch<br />
• Inter Bank Payment Gateway<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
JAMMU<br />
CHANDIGARH<br />
IN FIN ET Le a se d Line Ne tw o rk<br />
JAIPUR<br />
DELHI<br />
LUCKNOW<br />
KANPUR<br />
BHOPAL<br />
CALCUTTA<br />
AHMEDABAD<br />
GUWAHATI<br />
MUMBAI<br />
PATNA<br />
GOA<br />
NAGPUR<br />
PUNE<br />
BANGALORE<br />
BHUBANESHWAR<br />
HYDERABAD<br />
RBI<br />
KOCHI<br />
CHENNAI<br />
<strong>IDRBT</strong><br />
HYDERABAD<br />
THIRUVANANTHAPURAM<br />
4 X 2 Mbps<br />
2 X 2 Mbps<br />
2 Mbps with<br />
ISDN Backup<br />
2 Mbps<br />
64 Kbps<br />
CUG links<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
PKI Hierarchy<br />
CCA<br />
<strong>IDRBT</strong> CA<br />
Repository<br />
<strong>IDRBT</strong> CA<br />
RA<br />
RA<br />
RA<br />
Subscriber<br />
Subscriber Subscriber Subscriber<br />
Subscriber<br />
Subscriber<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
NFS CONNECTIVITY with Existing Consortiums & Individual Banks<br />
ISDN<br />
National Financial Switch &<br />
E- Payment Gateway<br />
ISDN<br />
Leased Line<br />
Leased Line<br />
Bank 1<br />
Bank 2<br />
ISDN<br />
INFINET<br />
Leased Line<br />
Broad Band VSAT<br />
Bank N<br />
ISDN<br />
Leased Line<br />
Leased Line<br />
ISDN<br />
ISDN<br />
CashNet<br />
IP Address:202.138.123.68<br />
Subnet Mask: 255.255.255.254<br />
Location: Mumbai<br />
MITR<br />
Location: Chennai<br />
BANCS & Cashtree<br />
Location: Mumbai<br />
Primary Link<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Backup Link<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
RBI Initiatives in Payment<br />
and Settlement Systems (2)<br />
A Real Time Gross Settlement System<br />
• Reduction <strong>of</strong> systemic risk in inter bank<br />
payment systems<br />
• To be implemented by the year end<br />
<strong>The</strong> Centralised Funds Settlement System<br />
• Facilitating effective liquidity management<br />
<strong>The</strong> Negotiated Dealing System<br />
• A modern electronic dealing platform for gilts<br />
• Enabling Straight Through Processing<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
CFMS<br />
Real Time<br />
Gross<br />
Settlement<br />
Intra Day<br />
Liquidity<br />
SSS<br />
Settlement<br />
Accounts<br />
IFTP Strip & Store<br />
Processes<br />
RBI Payments and<br />
Actg. Entry<br />
Interface<br />
INFINET<br />
NSS<br />
Participant’s<br />
Interface<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
Participant’s<br />
Interface<br />
November 4, 2004<br />
Participant’s<br />
Interface<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
RTGS Scenario<br />
• 92 banks have implemented it<br />
• 3-4 more to implement in a fortnight<br />
• Customer transactions have already started<br />
• Total volumes – Transactions on average<br />
Rs.20,000 crores per day settled continuously<br />
from the time <strong>of</strong> opening <strong>of</strong> markets<br />
• Guarantee settlement fund<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
RBI Initiatives in Payment<br />
and Settlement Systems (3)<br />
<strong>The</strong> Securities Settlement System<br />
• Providing centralized depository and<br />
settlement services<br />
• Seamlessly integrated with the NDS and<br />
RTGS Systems<br />
<strong>The</strong> Clearing Corporation <strong>of</strong> India<br />
• Secured netting services with central<br />
counterparty arrangements<br />
• G-Sec and Forex segments<br />
• Elimination <strong>of</strong> settlement risks with liquidity<br />
saving elements<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Smart Cards – <strong>The</strong> <strong>Future</strong><br />
• Multi-application Smart Card<br />
• Channel <strong>of</strong> the future<br />
• Pilot project started<br />
• Pilot Project funded by MCIT, Govt. <strong>of</strong><br />
India<br />
• <strong>The</strong> project is in progress in partnership<br />
with <strong>IDRBT</strong>, IIT Bombay, and Banks in<br />
India<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
RBI and Customer Service…(1)<br />
Dissemination <strong>of</strong> information<br />
<strong>The</strong> RBI website<br />
Multiple Delivery Channels<br />
Coin & Note Dispensing Machines<br />
For the general public<br />
Interactive Voice Response System<br />
For banks and financial institutions<br />
Web server<br />
For government customers<br />
On the anvil….<br />
A secured web server<br />
SFMS/email based communication<br />
with customers<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
RBI and Customer Service...(2)<br />
Improvements in payment and settlement<br />
systems<br />
MICR Clearing<br />
Enabling faster clearing <strong>of</strong> cheques<br />
Cheque Truncation & E-Cheques<br />
On the drawing board<br />
ECS/EFT<br />
Enabling T+2 settlement <strong>of</strong> our equities<br />
market<br />
National EFT<br />
Enabling T+0 settlement <strong>of</strong> all<br />
customer funds transfer transactions<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Issues in Implementation<br />
“Less than 10% <strong>of</strong> failures are due to technical snags – most are due to<br />
poor management and implementation”<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Resistance to change<br />
Overlooking process<br />
reengineering<br />
Project management<br />
Dedicated project teams<br />
Change management<br />
Policies<br />
People Skills & Training<br />
Basic Infrastructure – telecom,<br />
power<br />
Security<br />
Privacy & confidentiality<br />
Legal and regulatory issues<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Pre-requisites for Technology<br />
Human Resource<br />
Empowerment<br />
Business Process<br />
Re-engineering<br />
engineering<br />
Planning for<br />
Disasters<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
<strong>The</strong> pre-requisites for<br />
Technology<br />
Planning for disasters<br />
• Increased operational risk<br />
• Business Continuity Planning<br />
Business Process Re-engineering<br />
Human Resource Empowerment<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Disaster Management<br />
• An action plan to combat perceived<br />
threats…contains 3 different stages:<br />
– Prevention<br />
– Rescue and relief<br />
– Post-disaster rehabilitation<br />
• <strong>The</strong> “to-do’s” list<br />
– Disaster recovery policy & procedures<br />
– Identification <strong>of</strong> critical tasks & information<br />
– Regular drills<br />
– Training<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Disaster Recovery Planning Cycle<br />
Veritas<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Getting Personal with Personnel<br />
People represent the most precious asset<br />
• Large employee base – largely untrained. Training<br />
scope & methodology?<br />
• VRS to balance costs. Break even? Down sizing?<br />
• Bring in young blood<br />
• Campus recruitment<br />
• Re-defining & designing jobs. Career paths?<br />
• Specialist Vs. Generalist<br />
• Attrition <strong>of</strong> trained employees to IT industry / other<br />
banks. Competitive incentives?<br />
• Re-location <strong>of</strong> personnel. Union issues?<br />
• Retrained personnel. Morale <strong>of</strong> employees?<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Need for Training<br />
• All these developments call for extensive, continuous<br />
training<br />
• Current and future technology implementations call<br />
for at least 20% <strong>of</strong> <strong>of</strong>ficers specialise in IT<br />
• Hence need for specially skilled people – a mix <strong>of</strong>:<br />
– System administrators<br />
– Application managers (knowledgeable about both banking<br />
and technology)<br />
– Technology managers (who form the core team <strong>of</strong> technology<br />
pr<strong>of</strong>essionals).<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Some Security<br />
Related Matters<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Security is about…cementing<br />
the weak link<br />
• Enemy will never strike at your strong<br />
points…it will target the chinks in<br />
your armour<br />
• Hence…what is needed is:<br />
– Systematic, periodic review <strong>of</strong> security<br />
arrangements<br />
– Locate the weak links & build them<br />
• It is not a “one-time” project, rather a<br />
continuous exercise<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Computer Crimes<br />
• Only 5% <strong>of</strong> cyber crimes in banks are reported in India,<br />
as opposed to 20% globally. Of these, over 60 per cent<br />
are instances <strong>of</strong> internal fraud (NASSCOM)<br />
• In August 2004 alone, the number <strong>of</strong> reported cyber<br />
crimes crossed 1,37,529 and the figure has been growing<br />
by 50 per cent year-on-year<br />
• Occur in 3 ways:<br />
– Physical Crimes<br />
– Data-Related Crimes<br />
– S<strong>of</strong>tware-Related Crimes<br />
• To combat the same, IT ACT 2000 is a step in the<br />
direction<br />
• In addition, strong security measures (physical & data)<br />
plus disaster recovery are essential<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Security Controls<br />
• Authentication <strong>of</strong> e-banking customers<br />
• Non-repudiation and accountability for e-<br />
banking transactions<br />
• Appropriate measures to ensure segregation <strong>of</strong><br />
duties<br />
• Proper authorisation controls within e-banking<br />
systems, databases and applications<br />
• Data integrity <strong>of</strong> e-banking transactions, records<br />
and information<br />
• Establishment <strong>of</strong> clear audit trails for e-baking<br />
transactions<br />
• Confidentiality <strong>of</strong> key bank information<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Physical Security Aspects<br />
• Clearly defined responsibilities <strong>of</strong> Chief Security Officer:<br />
– Devise security policy & programme<br />
– Motivation & education <strong>of</strong> security force<br />
– Develop espirit-de-corps<br />
• Training not only for security personnel for entire staff<br />
• At security personnel level – discipline and performance to<br />
be stressed<br />
• Exercise caution in recruiting private security agencies – do<br />
the groundwork well! What to look for:<br />
– Armed guards with licensed weapons<br />
– Effective infrastructure for training the guards<br />
– Credible Supervisory infrastructure and<br />
– Security clearance by the State Government authorities<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Physical Security Measures (1)<br />
Technology deployment has gone into building stronger<br />
physical security. Key developments<br />
• Access Control Measures such<br />
as identity cards, entry permits,<br />
magnetic cards, computer vision<br />
or biometric control systems<br />
etc.<br />
• Fire/Smoke detection systems,<br />
particularly which are covered<br />
by National Building Code<br />
• Security Alarm Systems<br />
• X-Ray Scanner Machines<br />
• CCTV Systems<br />
• Public address systems<br />
• Hotline incl. Remote access<br />
wireless links<br />
• Detection <strong>of</strong> chemicals and<br />
explosives using probes<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
• Carriage Inspection Mirrors<br />
• Hotlines/Autodialers and mobile<br />
phones<br />
• Time Lock Systems<br />
• Integrated Crisis Management<br />
(ICM) Arrangement.<br />
• Magnetic Contacts/Sensors<br />
• Glass Break Sensors<br />
• Passive Infra-Red (PIR)<br />
Movement Sensors<br />
• Vibration Detectors<br />
• Door Frame or Hand Held Metal<br />
Detectors (DFMDs/HHMDs)<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Physical Security Measures (2)<br />
• Speed Breakers<br />
• Boom Barriers<br />
• Remotely operated collapsing barriers<br />
• Bollards<br />
• Spike busters – on wheels – zigzag<br />
• High mounted concealed cameras (photographing<br />
the number plates)<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Inspection mirror<br />
Surveillance camera<br />
IR sensors<br />
Smoke Alarm<br />
sensors<br />
Specialty mirror<br />
for deterrence<br />
Finger-print<br />
reader<br />
X-ray scanner<br />
Iris<br />
Scanner<br />
Metal Detector<br />
Access<br />
control -<br />
Graded access to<br />
various levels<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
CCTV<br />
• Perhaps the most critical element in administering and<br />
monitoring security<br />
• Benefits:<br />
– Helps plan & conduct security<br />
– Eliminates grey zones in investigations<br />
– Helps study behaviours <strong>of</strong> staff & customers<br />
– Identifies potential threat/losses<br />
– Helps employees remain alert & confident<br />
• Minimum achievable objectives:<br />
–Early warning<br />
– Recorded evidence<br />
– Spot corrections<br />
– Strong Deterrent<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Physical & DataSecurity – What Else?<br />
• Application <strong>of</strong> Biometrics (e.g, instead <strong>of</strong> just fingerprint,<br />
an Indian company uses the palmprint for identification)<br />
• Use <strong>of</strong> infra-red sensors, beams & detectors<br />
• Specialised x-ray imaging – can we detect if the currency<br />
in a sealed box is counterfeit?<br />
• Issue with telephone connectivity – can be just<br />
snapped…can remote wireless systems be used instead?<br />
• What to with Data Security…if the data vanishes simply?<br />
Need to capture data on real-time basis at designated<br />
remote disaster recovery sites<br />
• Not all bank branches are computerised – then there will<br />
be issues <strong>of</strong> data security and integrity & how to capture<br />
the data from the non-computerised branches at regional<br />
hubs etc.<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
How to Ensure Security??-A Framework<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
<strong>IDRBT</strong>’s Solutions for Security<br />
Risk Management (SRM)<br />
Risk<br />
Assessment<br />
IS Audit<br />
Awareness by<br />
Training<br />
SRM<br />
for<br />
Banks<br />
Gap<br />
Analysis<br />
Policy &<br />
Procedures<br />
Development<br />
PKI<br />
Implementation<br />
INFINET<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Currency Management<br />
&<br />
Movement <strong>of</strong> Treasure<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Mechanized Sorting <strong>of</strong><br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
Notes in the Chests<br />
• Chests must send only unfit notes to RBI<br />
• Desktop machines – current costs must be<br />
made cheaper? Indigenous technology to be<br />
explored<br />
• Easy to operate<br />
• Reasonable capability to detect counterfeit<br />
notes<br />
• Various range <strong>of</strong> processing speed in different<br />
models (15 to 25,000 pcs per hour)<br />
• Also available on rent and lease (outsourcing<br />
by reliable third parties)<br />
• Mechanized sorting is the only way to handle<br />
the increasing volume <strong>of</strong> soiled notes<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Agencies Involved in<br />
Currency Management<br />
Police<br />
MOF<br />
Railways<br />
RBI<br />
RBI's<br />
Presses<br />
Govt<br />
Presses<br />
Mints<br />
Banks<br />
(chests)<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Movement <strong>of</strong> Treasure ..(1)<br />
• Specially built trucks for short distance<br />
(journey completed during the day)<br />
• Railways for long distance<br />
• Guarded by police<br />
• Remittance accompanied by <strong>of</strong>ficials <strong>of</strong><br />
RBI to chests<br />
• Further movement from chest to a<br />
branch done by the bank concerned<br />
should be done in utmost secrecy and<br />
nearest police stations kept on alert.<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Movement <strong>of</strong> Treasure .. (2)<br />
•<strong>The</strong>se remittances are insured and it appears<br />
the miscreants are aware <strong>of</strong> insurance limits<br />
when robberies take place.<br />
•Due diligence to be done on the transport<br />
operators including drivers and cleaners<br />
employed by them.<br />
•Currency to be moved only in container<br />
trucks with tarpaulins etc. – also good quality<br />
vehicles to be used<br />
•GPRS has a major role to play (Radio<br />
Frequency Identification & Detection (RFID)<br />
Technology)<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Movement <strong>of</strong> Treasure<br />
GPRS Network System<br />
Uttar Pradesh<br />
Rajasthan<br />
Bihar<br />
Base Station<br />
Network Manager<br />
Maharashtra<br />
Kerala<br />
Andhra Pradesh<br />
In each state, we can drilldown<br />
exact location <strong>of</strong> the vehicle<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
Chandigarh<br />
Cross-movement <strong>of</strong> Currency<br />
Noida<br />
New Delhi<br />
Jaipur<br />
Lucknow<br />
Guwahati<br />
Kanpur<br />
Bhopal<br />
Patna<br />
Ahamadabad<br />
Dewas<br />
Salboni<br />
Calcutta<br />
Calcutta<br />
Mumbai<br />
Nasik<br />
Nagpur<br />
Bhuaneshwar<br />
Mumbai<br />
Byculla<br />
Hyderabad<br />
Hyderabad<br />
Mysore Banglore<br />
Chennai<br />
Trivandrum<br />
Press<br />
Mint<br />
Issue Offices<br />
Fresh Notes/Coins from<br />
Press/Mint pass on to<br />
the banks/public only<br />
through RBI <strong>of</strong>fices –<br />
hence cross-movement<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>
<strong>The</strong> future will be not be more <strong>of</strong><br />
the same…<br />
… we need to be ready..<br />
INSTITUTE FOR DEVELOPMENT AND<br />
RESEARCH IN BANKING TECHNOLOGY<br />
November 4, 2004<br />
Vepa Kamesam, Chairman <strong>IDRBT</strong>