India’s banking tech experts give insight on 2012 strategies
AN OVERVIEW OF THE TECHNOLOGY SECTOR IN BANKING IN INDIA BY Sameer Ratolikar Chief Information and Security Officer Bank of India & Dharmaraj Ramakrishnan Head of Core Banking Unit ING Vysya Bank These interviews were conducted by Melanie Timbrell & Tom McDonald of FST Media, Australia as part of their Who’s Who in Asia’s Financial Services. 15 - 16 November, 2011, Four Seasons Hotel, Mumbai, IndiaTo speak with and learn from Sameer and Dharmaraj in person, click here to attend Banking Tech Summit India inNovember 2011 in Mumbai.
Sameer Ratolikar Chief Information and Security Officer Bank of IndiaTimbrell: What are your key information security priorities for the next 12 to 18 months?Ratolikar: My key security priorities for the next 12-18 months are:1) Ensuring proper technology risk management is established to satisfy regulators and businesspartners2) Data loss prevention strategies across the enterprise3) Secure Access control and management, especially for third party service providers4) IT Governance, Risk Management and Compliance (GRC) to automate the security governance andcompliance process5) Identity management across all critical applications6) To see a Business Continuity Management (BCM) system framed and implemented across the BankTimbrell: What do you see as the top IT security risks facing banks in India right now?Ratolikar: Top security risks faced by banks in India include unawareness among customers and usersabout emerging cyber threats, basic hygiene of information security and sensitive data leakageknowingly or unknowingly. In addition to this, identity theft-related attacks are also on the rise.Timbrell: What is Bank of India’s position on cloud computing; and how are you managing associatedsecurity risks?Ratolikar: We are enthusiastic about cloud computing with regard to seeing how IT services aredelivered in a cloud. We feel that as the concept is new and yet to mature, we will use it for someTo speak with and learn from Sameer and Dharmaraj in person, click here to attend Banking Tech Summit India inNovember 2011 in Mumbai.
services like email and web while making observations, test the performance and then we may go for aprivate / hybrid cloud.The talent pool of service providers, data privacy, Business Continuity Planning (BCP), jurisdiction ofdata storage and legal issues are all risks to be managed if one decides to opt for cloud.Timbrell: What technology innovations and trends do you feel are shaping the future of banking inIndia?Ratolikar: Technology innovations in the banking industry started in India almost eight years back in theform of core banking. I feel the following services will shape the future of banking in India:• Internet banking (in use since 2000 but growing rapidly with innovation)• Mobile banking• KIOSK banking• Integration of the ATM networks of all banks• Financial inclusion using smart cards for rural masses (door step banking)• Single view of the customer using business intelligenceTimbrell: Global consultancy firm Boston Consulting Group (BCG) recently predicted mobile bankingand payments transactions in India would reach US$350 billion by 2015. From a security perspective,how are you preparing for this surge in uptake of banking using handheld devices?Ratolikar: Today we have more mobile handsets than bank accounts in India. So the penetration ofmobile phones is definitely being leveraged to provide banking services. But like any innovation bringswith it some risks, mobile / handheld systems are no exception.We have to address the risks arising from such “consumerised devices,” using a standard framework ofPeople, Processes and Technology. We are educating users continuously via our Intranet Portal,conducting ‘Security Weeks’, engaging on policy compliance etc.A centralised access management system is being deployed to see that all connections to ourapplications via these handheld devices are identified, authenticated and then authorised. Digital RightsManagement and data leakage prevention solutions are also being evaluated to prevent data leakagevia these devices and other end points.To speak with and learn from Sameer and Dharmaraj in person, click here to attend Banking Tech Summit India inNovember 2011 in Mumbai.
Timbrell: Phishing and vishing attacks are on the increase across the region. How is Bank of Indiadealing with this increased threat?Ratolikar: Although there is no one-size-fits-all solution to tackle phishing and vishing, one of the mosteffective ways is deploying a ‘Two Factor Authentication’ solution. We deployed the 2FA solution twoyears ago and are happy to witness near-zero incidents. In addition to this technological solution,creating awareness among users about these attacks is extremely important. We are promotingawareness via radio channels, newspapers, periodical SMSes etc.Timbrell: Does Bank of India currently deploy Information Loss Protection (ILP) capability and how doyou protect from leakage of sensitive data?Ratolikar: Information Loss Prevention capabilities and strategies start with education and framing theright policies focusing on the impact of data loss, regulatory concerns, legal acts etc. We have done allthese things. Now our focus is on a technological solution in the form of rights management and DataLoss Prevention (DLP). We have started deploying Information Rights Management in the Bank. Oncethis project is over, we will look for the right solution to achieve comprehensive DLP.Timbrell: How far ahead do you plan your IT security strategy; and why?Ratolikar: It would be difficult to name the exact time frame for planning IT strategy. Our IT strategy isinfluenced by the outcome of regular risk assessment exercises on our information assets. We conductthe exercises and based on those results define and amend the strategy.Our IT security strategy is always aligned with People, Processes & Technology and mapped toConfidentiality, Integrity and Availability of Data. Similarly, whenever any new projects are rolled out tocustomers, they have to go through our risk assessment exercise.Timbrell: What skill set do you seek out in prospective team members?Ratolikar: I seek team mates with the right attitude to learning, good analytical skills, clarity of thoughtand an appetite and interest in security.Timbrell: When your time as a technology leader draws to a close, what would you wish to beremembered for?Ratolikar: A CIO with leadership and motivational qualities and a great risk manager who transformed ITfrom a cost centre to a profit centre.To speak with and learn from Sameer and Dharmaraj in person, click here to attend Banking Tech Summit India inNovember 2011 in Mumbai.
Dharmaraj Ramakrishnan Head of Core Banking Unit ING Vysya BankMcDonald: What are your top IT priorities for the next 12 to 18 months?Ramakrishnan: The top priorities for us over the next 12 to 18 months – from a technology point of view– are increasing the use of server virtualisation, data architecture, data analysis, financial inclusion andcore banking upgrades.McDonald: ING Vysya has recently stated it now has the fastest electronics payments processor in thecountry. How critical is continued investment in National Electronic Fund Transfer (NEFT) and Real-Time Gross Settlement (RTGS) technologies to drive future growth?Ramakrishnan: India is experiencing a large shift in how payments are sent, as electronic paymentnetworks gain a strong foothold in the country. The benefits of wire-transfer are speed, safety andsuperior customer service.If you look at paper payment instruments – cheques, demand drafts and cash – these have existed inIndia since the 19th century. As recently as 2003, 86 per cent of all non-cash payments in India were stillmade through the use of paper instruments, with electronic payments only just beginning to take off.Since then, electronic payments have grown by at least 60 per cent year-on-year, and by mid-2009electronic payments represented 33 per cent in volume and 62 per cent in value of all payments made inIndia. There has been a five per cent decline in cheque clearing during 2008-2009 financial yearcompared to the 2007-2008 financial year. Looking at these statistics, there’s enough opportunity forbanks to move from paper to electronic. I am sure that NEFT and RTGS will gain momentum and that’sthe way forward for a faster turn-around.To speak with and learn from Sameer and Dharmaraj in person, click here to attend Banking Tech Summit India inNovember 2011 in Mumbai.
The Reserve Bank of India (Central Bank)’s efforts to make the RTGS and NEFT processes as common ascheques are today, are paying off. Increasingly, banks are offering their customers innovative paymentservices that are faster, cheaper and safer for all concerned. To realise the cost and efficiency benefitsfrom shifting to electronic payments, it is imperative to develop a comprehensive Paper-to-Electronic(P2E) change management solution.At ING Vysya, we have done system re-architecture and automation as part of our Payments Programme.This includes automated payee name validation for all inward processes. Payment processors are themost sensitive areas of operations and we designed fail-safe systems that worked flawlessly from dayone. The fuzzy logic built in for payee name validation has to be suitable for Indian names andconditions. Since payee name validation was at the heart of Straight-Through-Processing (STP) we had toget this absolutely right and we have done.McDonald: What key challenges are currently facing ING Vysya’s Core Banking Unit and whatstrategies are in place to address these?Ramakrishnan: We are reasonably satisfied with our core banking system. We are nevertheless going infor an upgraded version to reap the benefits of true Service Oriented Architecture (SOA)implementation, easier maintainability and faster time to market. We are also working on real timereplication of data for our analytical needs, and towards true 24/7 availability.McDonald: Given the pace of growth in India’s banking industry, what adaptive and flexible systemsare you putting in place to manage the market’s expanding customer base?Ramakrishnan: Our focus is continuously on providing a world class solution to our customers. If youlook at our RTGS & NEFT processing, we are the fastest electronic payment processor in the country. Infact, we have developed the RTGS and NEFT processing functionality within the core banking system.We have also introduced online trading by integrating with a third party solution a real-time mode thatmakes Application Programming Interface (API) calls between core banking and the trading engine usingEnterprise Service Bus (ESB) as a middleware. We went live with this project in a record time of 30 days.This clearly shows that our time-to-market is pretty good from a technology point of view.Our philosophy is every customer of ours should have an enjoyable experience – making the bank “Easyto Deal With,” as ING’s motto goes.To speak with and learn from Sameer and Dharmaraj in person, click here to attend Banking Tech Summit India inNovember 2011 in Mumbai.
McDonald: To what extent is ING Vysya considering moving software, storage and infrastructure tothe cloud in order to keep up with India’s economic expansion?Ramakrishnan: No to public cloud. While scepticism prevails around the adoption of public cloud, dueprimarily to data security concerns, private cloud adoption seems to be making traction. If we watchcarefully, virtualisation and Software-as-a-Service (SaaS) are the underlying elements of cloudcomputing. There has been prominent adoption of former, but not the latter in the banking segment.In India, co-operative banks, as well as a few scheduled banks, have been using hosted services for along time now, which is very similar to private could. In private cloud, virtualisation is the key elementand banks have been adopting this for quite some time. At ING Vysya we have virtualised ourproduction systems and we are heading towards a private cloud. Virtualisation has yielded significantbenefits in our IT organisation, in particular, it has allowed us to provide scalable infrastructure.McDonald: What do you foresee as the next ‘big thing’ in banking innovation?Ramakrishnan: Traditional banking models cover just under half of India’s population. The next materialinnovation in the Indian context (and indeed in the context of all developing economy countries) wouldbe to build banking models and delivery mechanisms that extend banking services to the unbanked. Webelieve that the key driver will be India’s ambitious Aadhaar project by the Unique IdentificationAuthority of India (UIDAI), which seeks to provide biometric-based enrolment and authenticationservices to all Indian residents. Which, at 1.3 billion people, would be the most audacious and pathbreaking innovation in centralised identity enrolment and authentication attempted, ever.McDonald: Core banking modernisation is often associated with the highly expensive task ofoverhauling legacy systems. In your experience, what is the most promising and cost effectivetechnology aiding IT core modernisation?Ramakrishnan: Progressive modernisation is the right way to go. Key steps we follow are: identifying thelegacy systems which are to be replaced; doing a cost benefit analysis and justifying the capitalinvestment; and finally ensuring deployment of new systems are aligned with business priorities – thiswill help in achieving a faster ROI.To speak with and learn from Sameer and Dharmaraj in person, click here to attend Banking Tech Summit India inNovember 2011 in Mumbai.
McDonald: India’s population is rapidly embracing mobile and online banking technology. How is INGVysya adapting to this emerging trend; and is the Bank moving toward an increasingly branchlessbanking model?Ramakrishnan: We are one of the early movers in mobile banking implementation. We implementedour mobile banking solution in 2008 and have now reached a stage of platform renewal. We have athree pronged approach to mobile banking: SMS based banking at the base; third-party applications andmobile malls for the mass market; and an exclusive platform for high end mobile and tablet platforms,which is under development.We have had a comprehensive internet banking channel (“Mibank”) for a long time, and have veryrecently added an exclusive business banking and corporate banking channel called ING Converge,which has gained excellent traction in the marketplace.McDonald: Every IT leader, particularly at your level, has a legacy they wish to be remembered for.What is yours?Ramakrishnan: I would like to be remembered as a person who drives transformation.To speak with and learn from Sameer and Dharmaraj in person, click here to attend Banking Tech Summit India inNovember 2011 in Mumbai.